CWE-319

Total CVEs: 172
Critical: 24
High: 95
Avg CVSS: 7.4

Yearly Trend

2026: 19
2025: 57
2024: 33
2023: 29
2022: 13

Top Affected Vendors

1. IBM: 10
2. Moxa: 4
3. goTenna: 4
4. Dell: 4
5. SICK: 4
6. Netgear: 4
7. Loytec: 2
8. NetApp: 2
9. Sauter Controls: 2
10. Microsoft: 2

All CWE-319 CVEs (172)

CVE-2021-34825
7.5

Quassel IRC client versions through 0.13.1 fail to enforce SSL/TLS when started with the --require-ssl flag if a valid X.509 certificate is not availa...

Jun 17, 2021
CVE-2020-27185
7.5

CVE-2020-27185 allows attackers to intercept authentication data, device configurations, and other sensitive information transmitted in cleartext via ...

May 14, 2021
CVE-2021-31671
7.5

CVE-2021-31671 is an information disclosure vulnerability in pgsync that can expose sensitive database connection parameters. When using --schema-firs...

Apr 27, 2021
CVE-2019-18231
7.5

This vulnerability in Advantech Spectre RT ERT351 routers allows attackers to intercept login credentials transmitted in clear text. Affected systems ...

Mar 17, 2021
CVE-2020-4695
7.5

IBM API Connect V10 uses unencrypted database replication traffic, allowing attackers to intercept and view sensitive data. This affects organizations...

Mar 8, 2021
CVE-2025-41708
7.4

This vulnerability allows unauthenticated attackers on the same network to intercept sensitive data transmitted to the web interface due to HTTP being...

Sep 8, 2025
CVE-2025-27720
7.4

The Pixmeo Osirix MD Web Portal transmits user credentials in cleartext without encryption, allowing attackers to intercept and steal login informatio...

May 8, 2025
CVE-2023-2754
7.4

The Cloudflare WARP client for Windows incorrectly assigns Unique Local IPv6 addresses instead of loopback addresses for DNS servers when connected ov...

Aug 3, 2023
CVE-2022-1524
7.4

CVE-2022-1524 affects LRM (Logistics Resource Management) versions 2.4 and lower, which lack TLS encryption for data transmission. This allows attacke...

Jun 24, 2022
CVE-2021-45104
7.4

This vulnerability in HTCondor allows attackers who can intercept network traffic to interfere with user jobs and data. It affects HTCondor installati...

Apr 6, 2022
CVE-2021-3774
7.4

The Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X) creates an open Wi-Fi access point without encryption during initial setup, allowing remote attacke...

Nov 5, 2021
CVE-2021-23018
7.4

CVE-2021-23018 is a cleartext communication vulnerability in NGINX Controller where intra-cluster services communicate without TLS encryption. This al...

Jun 1, 2021
CVE-2024-44276
7.3

This vulnerability allows attackers on the same network to intercept and view sensitive information transmitted by affected Apple devices. It affects ...

Mar 17, 2025
CVE-2024-25960
7.3

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x transmit sensitive information in cleartext, allowing a local low-privileged attacker to interc...

Mar 28, 2024
CVE-2023-36673
7.3

This vulnerability in Avira Phantom VPN for macOS allows attackers to bypass VPN encryption and redirect traffic to arbitrary IP addresses in plaintex...

Aug 9, 2023
CVE-2026-1777
7.2

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 exposes the ModelBuilder HMAC signing key in cleartext via the DescribeTrainingJob API. Thi...

Feb 2, 2026
CVE-2025-64769
7.1

The Process Optimization application suite uses unencrypted communication channels by default, allowing attackers to intercept, modify, or steal sensi...

Jan 16, 2026
CVE-2025-32887
7.1

This vulnerability in goTenna v1 devices allows attackers to intercept command channels containing next-hop information, which can be used to break fr...

May 1, 2025
CVE-2025-24849
7.1

This vulnerability involves cloud infrastructure transmitting sensitive data without encryption, allowing attackers to intercept, manipulate, or expos...

Feb 28, 2025
CVE-2025-52586
6.9

This CVE describes a cleartext transmission vulnerability in MOD3 command traffic between monitoring applications and inverters. Attackers on the loca...

Aug 8, 2025
CVE-2026-0714
6.8

This CVE describes a physical attack vulnerability in Moxa industrial computers where an attacker with invasive physical access can capture TPM commun...

Feb 5, 2026
CVE-2024-32384
6.8

Kerlink gateways running KerOS versions before 5.10 expose their web interface over unencrypted HTTP only, without HTTPS support. This allows man-in-t...

Dec 1, 2025
CVE-2025-26654
6.8

SAP Commerce Cloud (Public Cloud) has a vulnerability where HTTP port 80 cannot be fully disabled, only redirected to HTTPS port 443. This exposes the...

Apr 8, 2025
CVE-2024-45102
6.8

This privilege escalation vulnerability allows authenticated Lenovo XClarity Administrator (LXCA) users to gain elevated permissions on connected XCla...

Jan 14, 2025
CVE-2024-45101
6.8

This privilege escalation vulnerability in Lenovo XClarity Controller Administrator (LXCA) with Single Sign-On enabled allows attackers to hijack auth...

Sep 13, 2024
CVE-2025-65855
6.6

This vulnerability allows attackers with brief physical access to Netun Solutions HelpFlash IoT devices to execute arbitrary code by exploiting the in...

Dec 17, 2025
CVE-2026-23564
6.5

A vulnerability in TeamViewer DEX Client's Content Distribution Service (NomadBranch.exe) allows attackers on adjacent networks to force encrypted UDP...

Jan 29, 2026
CVE-2026-22274
6.5

Dell ECS and ObjectScale systems transmit sensitive information in cleartext via Fabric Syslog, allowing unauthenticated attackers with network access...

Jan 23, 2026
CVE-2026-0767
6.5

Open WebUI transmits credentials in plaintext, allowing network-adjacent attackers to intercept authentication data without authentication. This affec...

Jan 23, 2026
CVE-2025-27457
6.5

CVE-2025-27457 is a cleartext transmission vulnerability in VNC communications that allows attackers to intercept unencrypted traffic between VNC serv...

Jul 3, 2025
CVE-2024-11946
6.5

This vulnerability allows network-adjacent attackers to intercept and tamper with TrueNAS firmware update files transmitted in cleartext. Attackers ca...

Dec 30, 2024
CVE-2024-38167
6.5

This vulnerability in .NET and Visual Studio allows attackers to read sensitive information from memory that should be protected. It affects applicati...

Aug 13, 2024
CVE-2024-6972
6.5

Octopus Server versions before 2024.2.10998 may expose sensitive variables like passwords and API keys in task logs in clear-text under certain circum...

Jul 25, 2024
CVE-2023-27927
6.5

This vulnerability allows authenticated malicious users to retrieve SMTP passwords in cleartext from systems where passwords are masked with asterisks...

Mar 27, 2023
CVE-2022-41545
6.4

This vulnerability exposes Netgear C7800 router administrative credentials to eavesdropping attacks. Attackers can intercept base64-encoded credential...

Feb 18, 2025
CVE-2024-32864
6.4

CVE-2024-32864 is a security misconfiguration vulnerability in exacqVision Web Services where HTTPS enforcement fails under certain circumstances, all...

Aug 1, 2024
CVE-2024-37163
6.4

SkyScrape version 1.0.0 transmits API requests over unsecured HTTP instead of HTTPS, exposing temporary AWS credentials and sensitive infrastructure d...

Jun 7, 2024
CVE-2025-59406
6.2

The Flock Safety Pisco Android application contains a hardcoded Auth0 client secret in its codebase, allowing attackers to extract this credential thr...

Oct 2, 2025
CVE-2025-13490
5.9

IBM App Connect Enterprise Certified Container transmits sensitive data in clear text without encryption, allowing attackers to intercept information ...

Mar 3, 2026
CVE-2025-62330
5.9

HCL DevOps Deploy transmits sensitive information in cleartext over HTTP instead of redirecting to HTTPS as intended. This allows attackers with netwo...

Dec 16, 2025
CVE-2025-13489
5.9

IBM DevOps Deploy versions 8.1 through 8.1.2.3 transmit sensitive data in unencrypted plain text, allowing attackers to intercept and read confidentia...

Dec 15, 2025
CVE-2024-48894
5.9

This CVE describes a cleartext transmission vulnerability in Socomec DIRIS Digiware M-70's WEBVIEW-M functionality, allowing attackers to intercept un...

Dec 1, 2025
CVE-2025-36020
5.9

IBM Guardium Data Protection transmits sensitive credential information in cleartext, allowing remote attackers to intercept and obtain authentication...

Aug 6, 2025
CVE-2024-43187
5.9

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 transmit sensitive data in cleartext over network channels, allowing...

Feb 4, 2025
CVE-2023-35017
5.9

IBM Security Verify Governance 10.0.2 Identity Manager transmits user credentials in clear text during communication, allowing attackers to intercept ...

Jan 29, 2025
CVE-2021-29892
5.9

CVE-2021-29892 is an information disclosure vulnerability in IBM Cognos Controller where HTTP Strict Transport Security (HSTS) is not properly enabled...

Dec 3, 2024
CVE-2024-37183
5.7

CVE-2024-37183 allows attackers to capture plain text credentials and session IDs using network sniffing tools. This affects industrial control system...

Jun 20, 2024
CVE-2026-20801
5.6

This vulnerability allows unprivileged users on the local network to view live video streams transmitted in cleartext. It affects Gallagher NxWitness ...

Mar 3, 2026
CVE-2025-22493
5.6

This vulnerability in Foreseer Reporting Software (FRS) allows session cookies to be transmitted over unencrypted HTTP connections due to missing Secu...

Mar 5, 2025
CVE-2025-13454
5.5

This vulnerability in ThinkPlus configuration software allows local authenticated users to access sensitive device information they shouldn't normally...

Jan 14, 2026

About CWE-319

Our database tracks 172 CVEs classified as CWE-319, with 24 rated critical and 95 rated high severity. The average CVSS score for CWE-319 vulnerabilities is 7.4.
