Lucene search
+L

8367 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-34126

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...

7.5CVSS5.5AI score0.00097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-49200

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10CVSS5.5AI score0.00518EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6553

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.14 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.6AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.10 views

CVE-2024-47269

Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS5.5AI score0.0023EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/05 5:5 a.m.19 views

Multiple TP-Link products vulnerable to cleartext transmission of sensitive information

Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS5.4AI score0.00097EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/04 12:7 p.m.41 views

CVE-2026-45432 Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 12:7 p.m.12 views

CVE-2026-45432 Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 4:23 p.m.12 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the EmailBackend function when a failed STARTTLS handshake occurs and failsilently=True is set. An attacker can intercept and read email content by performing a man-in-the-middle attack...

7.4CVSS5.4AI score0.0015EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 3:30 p.m.3 views

GHSA-MM6V-Q8Q9-PGCF Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS6AI score0.0015EPSS
Exploits0References6
PyPA
PyPA
added 2026/06/03 2:16 p.m.27 views

PYSEC-2026-200

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read emai...

3.1CVSS5.4AI score0.0015EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/03 2:16 p.m.17 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS0.0015EPSS
Exploits0References3
NVD
NVD
added 2026/06/03 2:16 p.m.25 views

CVE-2023-52951

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

5.9CVSS0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 1:16 p.m.13 views

EUVD-2026-34087

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/03 1:11 p.m.8 views

CVE-2023-52951

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

5.9CVSS5.8AI score0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:11 p.m.6 views

CVE-2023-52951

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

5.9CVSS5.8AI score0.0013EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 1:11 p.m.21 views

CVE-2023-52951

CVE-2023-52951 affects the Synology Note Station Client prior to version 2.2.4-703, where sensitive data is transmitted in cleartext. This enables network-level (MITM) attackers to obtain user credentials. The CVE lists a CVSS v3.1 base score of 5.9 (MEDIUM) with high confidentiality impact and n...

5.9CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/03 1:11 p.m.11 views

EUVD-2023-60579

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

5.9CVSS5.8AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 1:11 p.m.45 views

CVE-2023-52951

A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential...

5.9CVSS0.0013EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 9:30 a.m.26 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References5
Rows per page
Query Builder