Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (882)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-35495 - - Oct 30, 2024 Sep 30, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic.
CVE-2024-7713 1Ays Pro 1Chatgpt Assistant Mar 18, 2025 Sep 27, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it
CVE-2024-47124 1Gotenna 1Gotenna Pro Oct 17, 2024 Sep 26, 2024 2.3 LOW· v4 6.5 MEDIUM· v3 N/A· v2 The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app versi...Show more The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation.Show less
CVE-2024-45838 1Gotenna 1Gotenna Oct 17, 2024 Sep 26, 2024 2.3 LOW· v4 4.3 MEDIUM· v3 N/A· v2 The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version whi...Show more The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operationShow less
CVE-2024-8059 - - Sep 14, 2024 Sep 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.
CVE-2024-45101 - - Sep 14, 2024 Sep 13, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on...Show more A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.Show less
CVE-2024-43180 1Ibm 1Concert Sep 20, 2024 Sep 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user...Show more IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.Show less
CVE-2024-44105 1Ivanti 1Workspace Control Jun 12, 2025 Sep 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.
CVE-2024-41927 1Idec 91Ft1a B12ra Firmware Ft1a B24ra FirmwareFt1a H12ra Firmware+88 more Jul 2, 2025 Sep 4, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the p...Show more Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.Show less
CVE-2024-39746 1Ibm 1Sterling Connect Direct Web Services Sep 29, 2025 Aug 22, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could ex...Show more IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.Show less
CVE-2024-31905 1Ibm 1Qradar Network Packet Capture Sep 29, 2025 Aug 15, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability t...Show more IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.Show less
CVE-2024-31799 1Gncchome 1Gncc C2 Firmware Aug 16, 2024 Aug 15, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port.
CVE-2024-38167 1Microsoft 2.net Visual Studio 2022 Aug 16, 2024 Aug 13, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 .NET and Visual Studio Information Disclosure Vulnerability
CVE-2024-7408 1Airveda 1Pm2.5 Pm10 Monitor Firmware Aug 13, 2024 Aug 12, 2024 8.6 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by ca...Show more This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.Show less
CVE-2024-38891 1Horizoncloud 1Caterease Feb 24, 2026 Aug 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of...Show more An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.Show less
CVE-2024-32864 1Johnsoncontrols 1Exacqvision Web Service Aug 9, 2024 Aug 1, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
CVE-2024-41262 1Codenotary 1Immudb Jul 10, 2025 Jul 31, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack.
CVE-2024-41687 1Syrotech 1Sy Gpon 1110 Wdont Firmware Nov 21, 2024 Jul 26, 2024 8.6 HIGH· v4 7.5 HIGH· v3 N/A· v2 This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the...Show more This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.Show less
CVE-2024-6972 1Octopus 1Octopus Server Jul 2, 2025 Jul 25, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.
CVE-2024-41124 - - Nov 21, 2024 Jul 19, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Ac...Show more Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability. Show less

Previous 1...111213...45 Next