| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information. |
| The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues. |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. |
| A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI. |
| Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint. |
| The Sante PACS Server Web Portal sends credential information without encryption. |
| Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025. |
| Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations.
This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. |
| Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. |
| SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately. |
| Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application. |
| HCL IEM is affected by an authorization token sent in cookie vulnerability. A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks. |
| HCL IEM is affected by a password in cleartext vulnerability. Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit. |
| Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. |
| Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21. |
| An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection. |
| The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials. |
| PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization. |
| upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. |
