CVE-2026-8673

CVE-2026-8673 describes an unprotected transport of credentials in Avantra from syslink software AG on Linux and Windows, allowing sniffing of credentials. The affected line is Avantra before version 25.3.0. Documented impacts emphasize confidentiality and integrity risks, with CVSS v3.1 indicati...

CVE-2026-33569

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

CVE-2026-33569

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

PT-2026-33491

CVE-2026-33569 Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise th… https://t.co/VidnnJfRzA...

CVE-2025-69271

CVE-2025-69271 affects Broadcom DX NetOps Spectrum (Windows and Linux) up to version 24.3.13. The issue is described as insufficiently protected credentials that enable sniffing attacks. Multiple sources in connected documents corroborate the affected product and versions. Practical impact center...

EUVD-2014-2895

Malware in sbrugna...

EUVD-2016-6721

Malware in sbrugna...

EUVD-2022-3772

Malicious code in bioql PyPI...

CVE-2021-20597

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

CVE-2019-1020002

Pterodactyl before 0.7.14 with 2FA allows credential sniffing...

SUSE CVE-2009-4302

login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...

SUSE CVE-2018-18074

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVE-2019-17393

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...

CVE-2019-1020002

Pterodactyl before 0.7.14 with 2FA allows credential sniffing...

CVE-2019-1020002

Pterodactyl before 0.7.14 with 2FA allows credential sniffing...

Design/Logic Flaw

Pterodactyl before 0.7.14 with 2FA allows credential sniffing...

CVE-2019-1020002

Pterodactyl before 0.7.14 with 2FA allows credential sniffing...

CVE-2019-1020002

CVE-2019-1020002 affects the Pterodactyl Panel before 0.7.14, where a logic error causes credentials/sniffing of 2FA credentials by delaying password verification until after 2FA input. Reported as enabling an attacker to infer account existence under certain login flows (0.7.13 and earlier). The...

CVE-2017-11579

In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device ca...