| CVE-2026-45432 |
2026-06-04 |
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability … |
| CVE-2026-8874 |
2026-06-03 |
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension c… |
| CVE-2026-36610 |
2026-06-03 |
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-midd… |
| CVE-2026-7666 |
2026-06-03 |
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a f… |
| CVE-2023-52951 |
2026-06-03 |
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential. |
| CVE-2026-10584 |
2026-06-02 |
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests i… |
| CVE-2026-43625 |
2026-06-01 |
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp an… |
| CVE-2026-25599 |
2026-06-01 |
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enab… |
| CVE-2026-34126 |
2026-05-28 |
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext withou… |
| CVE-2024-47269 |
2026-05-27 |
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with admi… |
| CVE-2026-48902 |
2026-05-26 |
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. |
| CVE-2026-24212 |
2026-05-26 |
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation… |
| CVE-2026-25608 |
2026-05-22 |
STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authent… |
| CVE-2026-38740 |
2026-05-14 |
Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol (SDP), including ICE credent… |
| CVE-2025-62311 |
2026-05-14 |
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized ac… |
| CVE-2025-62310 |
2026-05-14 |
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized a… |
| CVE-2026-41281 |
2026-05-14 |
Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communi… |
| CVE-2026-6276 |
2026-05-13 |
Using libcurl, when a custom `Host:` header is first set for an HTTP request
and a second request is subsequently done using the same *easy handle* but
without the custom `Host:` header set, the secon… |
| CVE-2026-4873 |
2026-05-13 |
A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SMT… |
| CVE-2026-45180 |
2026-05-10 |
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids.
If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on anot… |