355 matches found
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
CVE-2023-52951
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...
CVE-2026-0857
Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020...
Multiple TP-Link products vulnerable to cleartext transmission of sensitive information
Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
CVE-2026-25599
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2024-47269
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
CVE-2024-47269
CVE-2024-47269 affects Synology Surveillance Station prior to 9.2.2-11575 and 9.2.2-9575, where the Export Key functionality transmits sensitive information in cleartext. The root cause is cleartext transmission allowing remote authenticated users with administrator privileges to obtain sensitive...
Astra Linux – Vulnerability in curl
A user can specify that curl = 7.20.0 and = 7.78.0 requires a successful upgrade to TLS when communicating with IMAP, POP3, or FTP servers. This is achieved by using the --ssl-reqd option on the command line, or setting CURLOPT USESSL to CURLUSESSLCONTROL or CURLUSESSLALL with licurl. This...
CVE-2026-41281
Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information CWE-319 vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in information disclosure or data tampering...
MAXHUB Pivot client application
ADVISORY SUMMARY Successful exploitation of this vulnerability may enable an attacker to access tenant email addresses and associated information in cleartext or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
CVE-2026-7610
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...
EUVD-2026-26774
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...
CVE-2026-7610 TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...
CVE-2026-43824
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...
CVE-2026-43824
Argo CD vulnerable via ServerSideDiff: versions 3.2.0–3.2.10 and 3.3.0–3.3.8 expose cleartext Kubernetes Secret data. Root cause is the ServerSideDiff endpoint returning raw Secret data when IncludeMutationWebhook is enabled, effectively leaking sensitive information in responses. Upstream fixes ...
EUVD-2026-25361
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...
CVE-2026-40431
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...