394 matches found
PT-2026-21978
Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2025.3.14 and earlier Description Sensitive user account information is not encrypted in the database. An attacker gaining access to the database can obtain this sensitive information through direct database access...
PT-2026-8234
The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool e.g., SDR can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication...
CVE-2026-0620
When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...
CVE-2026-0620
When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...
CVE-2025-69418
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
MiracleLinux 7 : rh-postgresql13-postgresql-13.5-1.el7 (AXSA:2021-2786:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2786:01 advisory. postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from man-in-the-middle CVE-2021-23214...
CVE-2025-52435
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...
CVE-2021-22997
On all 7.x and 6.x versions fixed in 8.0.0, BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development...
PT-2026-1813
Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8.0 Description A configuration issue exists where data transmission occurs without encryption. Specifically, improper handling of the Pause Encryption procedure on the Link Layer can result in a previously...
CVE-2019-25279
The CVE-2019-25279 entry applies to the FaceSentry Access Control System version 6.4.8. The vulnerability stems from cleartext password storage inside the device’s SQLite database, allowing an attacker to read credentials directly from /faceGuard/database/FaceSentryWeb.sqlite without authenticati...
CVE-2019-16063
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data...
IBM DevOps Deploy 安全漏洞
IBM DevOps Deploy is an application release solution from International Business Machines IBM, Inc. Standardizes and simplifies the process of deploying software components to each environment during the development cycle. A security vulnerability exists in IBM DevOps Deploy versions 8.1 through...
CVE-2025-13053
The CVE-2025-13053 issue affects ASUSTOR ADM NAS: vulnerable in versions 4.1.0–4.3.3.RKD2 and 5.0.0–5.1.0.RN42. Root cause is non-enforced TLS certificate verification when configuring NAS to retrieve UPS status or control the UPS, enabling a network MITM attack to intercept traffic and potential...
CVE-2025-65297
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...
EUVD-2025-202635
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...
CVE-2025-65297
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...
CVE-2025-65297
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...
CVE-2025-65297
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...
CVE-2025-65297
The CVE-2025-65297 entry covers Aqara Hub devices (Camera Hub G3 4.1.9_0027; Hub M2 4.3.6_0027; Hub M3 4.3.6_0025) that automatically collect and upload unencrypted sensitive information without disclosure or consent. The connected sources corroborate the same description across Red Hat/CIRA ENIS...
PT-2025-50548
Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices automatically collect and upload sensitive information in an unencrypted format. This data collection and...