CWE-319: CWE-319

The General Industrial Controls Lynx+ Gateway transmits sensitive data including credentials in cleartext, allowing attackers to intercept network tra...

This vulnerability allows unauthorized remote attackers to intercept login credentials transmitted in cleartext to affected products' Web-UI. Attacker...

IBM Aspera HTTP Gateway versions 2.0.0 through 2.3.1 store sensitive information in plain text files that can be accessed by unauthenticated users. Th...

This vulnerability allows remote unauthenticated attackers to intercept SLMP communication messages in Mitsubishi Electric MELSEC iQ-F Series CPU modu...

Ecovacs Deebot T10 robot vacuum transmits Wi-Fi credentials in unencrypted plaintext during device pairing, allowing attackers on the same network to ...

This vulnerability allows attackers to intercept unencrypted network traffic and steal authentication credentials from affected servers. It affects sy...

This vulnerability exposes REST API communications to interception by using unencrypted HTTP instead of HTTPS. Attackers can eavesdrop on traffic betw...

This vulnerability allows unencrypted transmission of Server Name Indication (SNI) data even when encrypted DNS is enabled, potentially exposing which...

SaTECH BCU firmware version 2.1.3 transmits sensitive data including credentials over unencrypted HTTP, allowing attackers to intercept and use this i...

This vulnerability allows network-adjacent attackers to perform man-in-the-middle attacks against Bitdefender Box devices during updates, potentially ...

This vulnerability allows attackers to intercept unencrypted sensitive data transmitted over networks, potentially exposing credentials, configuration...

The Forever KidsWatch Call Me KW-50 smartwatch transmits sensitive information without encryption, allowing attackers to intercept communications betw...

This vulnerability allows attackers to intercept sensitive information transmitted in cleartext by the acep-collector service in Acronis Cyber Protect...

The AI ChatBot with ChatGPT and Content Generator WordPress plugin before version 2.1.0 exposes OpenAI API keys to unauthenticated users. This allows ...

This vulnerability in SyroTech SY-GPON-1110-WDONT routers allows attackers to intercept passwords transmitted in plain text during HTTP sessions. Succ...

This vulnerability in TARGIT Decision Suite exposes session tokens in URLs during HTTP sessions, allowing attackers to intercept and hijack user sessi...

This vulnerability in NASA AIT-Core's Python Pickle library allows attackers to execute arbitrary code through deserialization of untrusted data. It a...

This vulnerability in NASA AIT-Core's API wait function allows attackers to execute arbitrary code by sending a specially crafted string. It affects N...

IBM Security Verify Access versions 10.0.0.0 through 10.0.6.1 use insecure protocols in some instances, allowing attackers on the same network to pote...

This vulnerability in EBYTE E880-IR01-V1.1 devices allows attackers to retrieve sensitive information, likely including passwords, by sending speciall...

This vulnerability in Skyworth Router CM5100 allows attackers to intercept authentication credentials transmitted in plaintext over the network. By ea...

This vulnerability in Stormshield Network Security (SNS) logs user passwords containing equals signs or spaces in cleartext when processed by the serv...

LOYTEC LINX Configurator transmits authentication credentials in base64-encoded cleartext over HTTP, allowing attackers to intercept and decode userna...

LOYTEC LINX Configurator transmits admin credentials as unencrypted URL parameters, allowing attackers to intercept and steal passwords. This vulnerab...

This vulnerability in Botan's bcrypt implementation incorrectly handles passwords between 57-72 characters, allowing attackers to more easily crack ha...

ASUS RT-AC66U B1 routers transmit sensitive information without encryption, allowing attackers on the same network to intercept credentials and config...

This vulnerability in SICK ICR890-4 industrial cameras allows attackers to intercept unencrypted network traffic containing sensitive information. Any...

This Android kernel vulnerability allows unencrypted data transmission over cellular networks due to insecure default settings, potentially exposing s...

The Hitron CODA-5310 router's Telnet service transmits sensitive data like user credentials in plaintext without encryption. Unauthenticated remote at...

Snap One OvrC Pro devices prior to version 7.3 download programs over unencrypted HTTP connections instead of HTTPS, making them vulnerable to man-in-...

This vulnerability affects SAUTER Controls Nova 200-220 Series building automation controllers and BACnetstac software, allowing attackers to intercep...

CVE-2022-45546 is an information disclosure vulnerability in ScreenCheck BadgeMaker 2.6.2.0 that allows internal attackers to capture authentication c...

LS ELECTRIC XBC-DN32U programmable logic controllers transmit sensitive information like user credentials in cleartext over the XGT protocol. This all...

CVE-2022-40693 is a cleartext transmission vulnerability in Moxa SDS-3008 industrial switches that allows attackers to intercept sensitive information...

Couchbase Server versions before 6.6.6, 7.0.5, and 7.1.2 expose sensitive information to unauthorized actors. This vulnerability allows attackers to a...

Omron PLCs transmit passwords in cleartext when setting or clearing UM Protection, allowing attackers to intercept credentials. This affects Omron CS,...

This vulnerability allows adjacent attackers to intercept cleartext credentials and configuration data transmitted by STARDOM FCN and FCJ industrial c...

CVE-2022-26077 is a cleartext transmission vulnerability in Open Automation Software OAS Platform that exposes sensitive configuration data during net...

CVE-2022-30993 allows attackers to intercept sensitive information transmitted in cleartext between Acronis Cyber Protect components. This affects Acr...

CVE-2021-40392 is an information disclosure vulnerability in Moxa MXView network management software where unencrypted network traffic exposes sensiti...

Automation Direct CLICK PLC CPU modules with vulnerable firmware transmit passwords in plaintext during unlocking and project transfers. This allows a...

This vulnerability allows unauthorized actors to intercept sensitive medical data transmitted in cleartext by Philips Vue PACS systems. Attackers can ...

This vulnerability allows attackers to intercept administrator credentials for TOTOLINK X5000R routers because the admin interface uses unencrypted HT...

This vulnerability in MediaTek modem EMM (Evolved Mobility Management) allows remote attackers to access sensitive information without authentication ...

This vulnerability exposes Netgear Nighthawk R6700 router credentials to interception by using unencrypted HTTP instead of HTTPS for web interface com...

Trendnet AC2600 TEW-827DRU routers transmit sensitive information like passwords in cleartext because HTTPS is disabled by default. This affects users...

The ksmbd SMB server in Linux kernels up to 5.15.8 incorrectly sets encryption flags when using SMB 3.1.1, causing Windows 10 clients to disable encry...

This vulnerability in Datalust Seq.App.EmailPlus allows email notifications to be sent via unencrypted SMTP on port 25 when encryption on port 465 was...

LaraCMS v1.0.1 transmits sensitive information in cleartext, allowing attackers to intercept credentials, session tokens, and other confidential data....

This vulnerability in Arm Mbed TLS allows a remote attacker to recover plaintext from encrypted communications due to an incomplete Lucky 13 counterme...