15 matches found
CVE-2026-43625
CodexBar vulnerability CVE-2026-43625 affects versions prior to 0.32.0. Affected component: CodexBar session handling for Amp and Ollama provider sessions. Root cause: improper redirect handling allows an on-path attacker to observe imported browser session cookies in cleartext HTTP requests when...
CVE-2026-6429
A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use...
curl: HTTP/2 server push accepts a non-authoritative :scheme=https over cleartext h2c, enabling HTTPS cache-key poisoning
Summary: I found that libcurl 8.19.0 accepts an HTTP/2 pushed stream on a cleartext h2c connection even when the server sends :scheme=https in PUSH_PROMISE. In lib/http2.c, set_transfer_url builds the pushed handle URL from the server-supplied :scheme, :authority, and :path, but PUSH_PROMISE validati...
CVE-2026-32838
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...
EUVD-2014-2396
Malware in sbrugna...
CVE-2024-40595
An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions SPS On Premise before 7.5.1 and LTS before 7.0.5.1 allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol informatio...
CVE-2024-40595
An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions SPS On Premise before 7.5.1 and LTS before 7.0.5.1 allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol informatio...
CVE-2024-40595
One Identity Safeguard for Privileged Sessions (SPS) On Premise prior to 7.5.1 (and LTS prior to 7.0.5.1) contains an authentication-bypass in the RDP component that could let an MITM attacker access privileged sessions by intercepting cleartext RDP traffic. Affected component/file is the SPS RDP...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
VulnCheck KEV: CVE-2017-8221
Wireless IP Camera P2P WIFICAM devices rely on a cleartext UDP tunnel protocol aka the Cloud feature for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2019-16067
NETSAS Enigma NMS 65.0.0 and earlier versions use basic authentication over HTTP to enforce access to the web application. The cleartext authentication traffic can allow an attacker to intercept and steal usernames and passwords. The connected documents corroborate this entry across multiple sour...
CVE-2019-14959
JetBrains Toolbox before 1.15.5605 resolves an internal URL over cleartext HTTP, enabling potential exposure of data via a MITM-like scenario (CONF: partial confidentiality). The issue is documented across multiple sources (NVD entry CVE-2019-14959; Red Hat and Microsoft advisories; JetBrains Sec...
Design/Logic Flaw
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data...
CVE-2014-2359
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data...
CVE-2014-2359
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data...