Export limit exceeded: 362865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4593 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59448 1 Yosmart 3 Yolink Hub, Yolink Mobile Application, Yolink Mqtt Broker 2026-04-15 4.7 Medium
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker. NOTE: The vendor states that the vulnerability described (related to insecure transmission) only impacts the legacy mobile application logic, not the Hub hardware or firmware. The Hub functions solely as a pass-through (transparent gateway) for LoRa wireless data and does not inspect or process the application layer data.
CVE-2025-48428 1 Gallagher 1 Command Centre 2026-04-15 6.7 Medium
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
CVE-2025-7215 1 Fnkvision 1 Fnk-gu2 2026-04-15 1.6 Low
A vulnerability, which was classified as problematic, has been found in FNKvision FNK-GU2 up to 40.1.7. Affected by this issue is some unknown functionality of the file /rom/wpa_supplicant.conf. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2025-7214 1 Fnkvision 1 Fnk-gu2 2026-04-15 1.6 Low
A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2025-8863 1 Yugabyte 1 Yugabytedb 2026-04-15 3.7 Low
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission
CVE-2025-8763 2 Ruijie, Strongswan 3 Eg306mg, Rg-eg, Strongswan 2026-04-15 3.7 Low
A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9970 1 Abb 1 Mconfig 2026-04-15 7.4 High
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
CVE-2024-12094 1 Mogify Infotech 1 Tinxy Mobile App 2026-04-15 N/A
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. Note: To exploit this vulnerability, the device must be rooted/jailbroken.
CVE-2025-27532 2026-04-15 6.5 Medium
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.
CVE-2025-61481 1 Mikrotik 2 Routeros, Switchos 2026-04-15 10 Critical
An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to execute injected JavaScript in the administrator’s browser and intercept credentials.
CVE-2025-11009 1 Mitsubishielectric 1 Gt Designer3 2026-04-15 5.1 Medium
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to operate illegally GOT2000 series or GOT1000 series by using the obtained credentials.
CVE-2025-3442 2026-04-15 N/A
This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
CVE-2025-26654 2026-04-15 6.8 Medium
SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.
CVE-2025-44251 2026-04-15 7.5 High
Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.
CVE-2025-41718 1 Murrelektronik 4 Firmware Impact67 Pro 54620, Firmware Impact67 Pro 54630, Firmware Impact67 Pro 54631 and 1 more 2026-04-15 7.5 High
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.
CVE-2025-41708 1 Bender 5 Cc612, Cc613, Icc13xx and 2 more 2026-04-15 7.4 High
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
CVE-2025-4394 2026-04-15 6.8 Medium
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CVE-2025-41647 2026-04-15 5.5 Medium
A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.
CVE-2025-7731 1 Mitsubishi Electric 1 Melsec Iq-f Series 2026-04-15 7.5 High
Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.
CVE-2025-40680 2026-04-15 N/A
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.