Lucene search
+L

8367 matches found

Cvelist
Cvelist
added 2026/06/18 11:47 p.m.47 views

CVE-2026-50034 Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values...

7.1CVSS0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 11:47 p.m.73 views

CVE-2026-50034

The CVE-2026-50034 entry concerns Apollo Pharmacy’s APG-01 BT Blood Glucose Monitoring System. Affected component: the device’s BLE wireless channel, where the root cause is cleartext transmission of sensitive health data. An attacker inside BLE range can passively eavesdrop traffic, potentially ...

7.1CVSS5.2AI score0.00145EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2026/06/18 2:12 p.m.9 views

Silent HTTPS proxy downgrade to cleartext

Impact The built-in cURL handlers GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available accept an https:// proxy — a proxy reached over a TLS-encrypted connection — through the proxy request option, client-level proxy...

5.9CVSS5.9AI score0.00106EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/18 12:20 a.m.9 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that handles service bindings from VCAPSERVICES containing TLS client credentials. An attacker can access sensitive private key material by reading temporary files created with...

5.7CVSS5.9AI score0.00065EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.17 views

CVE-2026-50099

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:24 p.m.43 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:24 p.m.15 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.25 views

PT-2026-48956

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 2:16 p.m.18 views

CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47781

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A heap buffer overflow occurs when audit logging is enabled. The create masked entry string function in auditlog.c copies a fixed-length password mask into a heap buffer without...

3.3CVSS6.2AI score0.00258EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

RHEL 7 : libsoup (RHSA-2026:24722)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24722 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References5
NVD
NVD
added 2026/06/08 7:16 p.m.12 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 6:26 p.m.39 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:26 p.m.8 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 6:26 p.m.9 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

5.5AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 6:26 p.m.26 views

CVE-2026-10786

CVE-2026-10786 affects Devolutions Server 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is improper access control in the ticketing integration settings that allows an authenticated low-privilege user to obtain cleartext credentials for configured ticketing integrations via a crafted API requ...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/08 6:26 p.m.13 views

EUVD-2026-35182

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS5.5AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.15 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 4:51 p.m.15 views

EUVD-2026-35136

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
Rows per page
Query Builder