113 matches found
EUVD-2025-18665
Malicious code in bioql PyPI...
CVE-2025-48463 Unencrypted HTTP Communication
Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...
CVE-2025-26199
CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access ...
CVE-2025-32880
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks...
CVE-2024-41589
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests...
CVE-2023-0346
Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device is known...
CVE-2020-8809
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...
CVE-2019-16274
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP...
CVE-2007-1169
The web interface in Trend Micro ServerProtect for Linux SPLX 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network...
CVE-2025-26654
SAP Commerce Cloud Public Cloud does not allow unencrypted HTTP port 80 to be disabled entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...
CVE-2025-26654 Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)
SAP Commerce Cloud Public Cloud does not allow unencrypted HTTP port 80 to be disabled entirely, but instead allows a redirect from port 80 to 443 HTTPS. As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request befor...
CVE-2025-26654
CVE-2025-26654 refers to SAP Commerce Cloud (Public Cloud) where HTTP traffic on port 80 is redirected to HTTPS (port 443) rather than being fully disabled. The vulnerability arises because the first request may be sent in plaintext before the redirect occurs, potentially compromising confidentia...
CVE-2025-2861
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...
CVE-2025-2861 Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...
CVE-2025-22493
Secure flag not set and SameSite was set to Lax in the Foreseer Reporting Software FRS. Absence of this secure flag could lead to the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100...