PT-2026-1997

Name of the Vulnerable Software and Affected Versions Open WebUI affected versions not specified Description A flaw exists in Open WebUI that allows network-adjacent attackers to disclose sensitive information. The issue stems from transmitting credentials in plaintext through an unspecified...

CVE-2025-41718 Murrelektronik: Unprotected Transport of Credentials

A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI...

EUVD-2012-3003

Malware in sbrugna...

EUVD-2005-2846

Malware in sbrugna...

EUVD-2024-20989

Malicious code in bioql PyPI...

IBM Guardium Data Protection 安全漏洞

IBM Guardium Data Protection is a comprehensive data security platform from International Business Machines IBM. A security vulnerability exists in IBM Guardium Data Protection that stems from the explicit transmission of sensitive credential information, which could lead to information disclosur...

CVE-2025-46634

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after...

CVE-2024-46341

TP-Link TL-WR845NUNV4190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...

CVE-2024-46340

TL-WR845NUNV4201214, TP-Link TL-WR845NUNV4200909, and TL-WR845NUNV4190219 was discovered to transmit user credentials in plaintext after executing a factory reset...

CVE-2024-46341

The CVE-2024-46341 entry concerns TP-Link TL-WR845N(UN)_V4_190219, where credentials are transmitted in base64-encoded form. Multiple connected sources corroborate that this weak encoding can be decoded by an attacker performing a man-in-the-middle attack, exposing sensitive information. The avai...

PT-2023-23270 · Unknown · Piigab M-Bus

Name of the Vulnerable Software and Affected Versions: PiiGAB M-Bus affected versions not specified Description: The issue concerns the transmission of credentials in plaintext format. This means that when credentials are sent over the network, they are not encrypted, potentially allowing...

CVE-2021-29753

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

PT-2021-4361 · Moxa · Moxa Mxview

Name of the Vulnerable Software and Affected Versions: Moxa MXView versions 3.x through 3.2.2 Description: The issue is related to an insecure transmission of credentials in the Moxa MXView network management software. It also involves a path traversal vulnerability that may allow an attacker to...

CVE-2020-12061

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...

Design/Logic Flaw

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

Code injection

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165...

CVE-2017-6028

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...

CVE-2012-3025

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network...