71 matches found
guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext
Impact The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...
GHSA-WPWQ-4J6V-78M3 guzzlehttp/guzzle: Silent HTTPS-Proxy Downgrade to Cleartext
Impact The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...
CVE-2024-47269
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
EUVD-2024-55595
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
PT-2026-43580
Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description The Export Key functionality contains a flaw that allows the cleartext transmission of sensitive information. Th...
EUVD-2026-22227
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2026-1966
CVE-2026-1966 affects YugabyteDB Anywhere. An authenticated user with access to the configuration view can see LDAP bind passwords configured via gflags in cleartext in the web UI, enabling potential unauthorized access to external directory services. The issue is described consistently across so...
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
CVE-2026-24933
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...
CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...
CVE-2026-23564
A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive informatio...
CVE-2026-22271
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure...
CVE-2025-36154
IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user...
Siemens SIMATIC S7-1500 Cleartext Transmission of Sensitive Information (CVE-2021-22946)
A user can tell curl = 7.20.0 and = 7.20.0 and = 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl- reqd on the command line orCURLOPTUSESSL set to CURLUSESSLCONTROL or CURLUSESSLALL withlibcurl. This requirement...
EUVD-2020-17285
Malware in sbrugna...
EUVD-2012-6549
Malware in sbrugna...
EUVD-2018-6515
Malware in sbrugna...
EUVD-2020-7365
Malware in sbrugna...