PT-2026-1997

Name of the Vulnerable Software and Affected Versions Open WebUI affected versions not specified Description A flaw exists in Open WebUI that allows network-adjacent attackers to disclose sensitive information. The issue stems from transmitting credentials in plaintext through an unspecified...

CVE-2025-41718 Murrelektronik: Unprotected Transport of Credentials

A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI...

EUVD-2005-2846

Malware in sbrugna...

EUVD-2012-3003

Malware in sbrugna...

EUVD-2024-20989

Malicious code in bioql PyPI...

IBM Guardium Data Protection 安全漏洞

IBM Guardium Data Protection is a comprehensive data security platform from International Business Machines IBM. A security vulnerability exists in IBM Guardium Data Protection that stems from the explicit transmission of sensitive credential information, which could lead to information disclosur...

CVE-2025-46634

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after...

MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryptio...

CVE-2024-46340

TL-WR845NUNV4201214, TP-Link TL-WR845NUNV4200909, and TL-WR845NUNV4190219 was discovered to transmit user credentials in plaintext after executing a factory reset...

CVE-2024-46341

TP-Link TL-WR845NUNV4190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...

CVE-2024-46341

The CVE-2024-46341 entry concerns TP-Link TL-WR845N(UN)_V4_190219, where credentials are transmitted in base64-encoded form. Multiple connected sources corroborate that this weak encoding can be decoded by an attacker performing a man-in-the-middle attack, exposing sensitive information. The avai...

PT-2023-23270 · Unknown · Piigab M-Bus

Name of the Vulnerable Software and Affected Versions: PiiGAB M-Bus affected versions not specified Description: The issue concerns the transmission of credentials in plaintext format. This means that when credentials are sent over the network, they are not encrypted, potentially allowing...

CVE-2021-29753

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

PT-2021-4361 · Moxa · Moxa Mxview

Name of the Vulnerable Software and Affected Versions: Moxa MXView versions 3.x through 3.2.2 Description: The issue is related to an insecure transmission of credentials in the Moxa MXView network management software. It also involves a path traversal vulnerability that may allow an attacker to...

Philips Vue PACS 安全漏洞

Philips Vue PACS is an image management solution from Philips Europe. Philips Vue PACS suffers from a security vulnerability that arises from the product's use of insecure methods for transmitting or storing authentication credentials that are susceptible to unauthorized interception or retrieval...

CVE-2020-12061

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...

Design/Logic Flaw

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

PT-2020-15372 · Jenkins · Jenkins Openshift Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: The issue is related to the transmission of configured credentials in plain text as part of the global Jenkins configuration form. This potentially results in their...

Code injection

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165...

CVE-2017-6028

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...