
20 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-17171

Malware in sbrugna...

9.1 CVSS · 7.8 AI score · 0.00091 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2020-19708

Malware in sbrugna...

7.5 CVSS · 7.6 AI score · 0.00201 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-40724

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00359 EPSS
Exploits 0 · References 1
NVD
added 2025/07/22 10:15 p.m. · 4 views

CVE-2025-53703

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers...

8.7 CVSS · 0.00092 EPSS
Exploits 0 · References 2
Github Security Blog
added 2025/06/30 5:44 p.m. · 9 views

File Browser allows sensitive data to be transferred in URL

Summary URLs that are accessed by a user are commonly logged in many locations, both server- and client-side. It is thus good practice to never transmit any secret information as part of a URL. The Filebrowser violates this practice, since access tokens are used as GET parameters. Impact The JSON...

6.5 CVSS · 5.7 AI score · 0.00348 EPSS
Exploits 1 · References 7 · Affected Software 2
RedhatCVE
added 2025/05/22 9:09 p.m. · 5 views

CVE-2021-45447

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...

7.7 CVSS · 6.7 AI score · 0.00147 EPSS
Exploits 0
CNVD
added 2025/02/17 12:00 a.m. · 5 views

IBM Security Verify Access Information Disclosure Vulnerability (CNVD-2025-06210)

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

7.5 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits 0 · References 1
The Hacker News
added 2025/02/07 2:58 p.m. · 21 views

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also...

7.8 AI score
Exploits 0
NVD
added 2025/02/04 9:15 p.m. · 5 views

CVE-2024-43187

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors...

7.5 CVSS · 0.00035 EPSS
Exploits 0 · References 1
CVE
added 2025/02/04 8:37 p.m. · 51 views

CVE-2024-43187

IBM Security Verify Access Appliance and Container versions 10.0.0–10.0.8 transmit sensitive/security-critical data in cleartext over a network channel, enabling potential information disclosure. Root cause: cleartext transmission. Affected products: IBM Security Verify Access Appliance and IBM S...

7.5 CVSS · 6.6 AI score · 0.00035 EPSS
Exploits 0 · References 1 · Affected Software 2
The Hacker News
added 2024/12/20 8:39 a.m. · 6 views

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the...

7.4 AI score
Exploits 0
Positive Technologies
added 2024/09/11 12:00 a.m. · 2 views

PT-2024-10287 · Unknown · File Entity

Name of the Vulnerable Software and Affected Versions: File Entity versions 7.X- before 7.X-2.39 Description: The issue allows for the insertion of sensitive information into sent data, enabling forceful browsing. This can lead to the disclosure of protected information. The estimated number of...

7.8 CVSS · 6.8 AI score · 0.00263 EPSS
Exploits 0 · References 4
OSV
added 2024/07/31 2:15 p.m. · 3 views

CVE-2024-31200

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser...

4.6 CVSS · 5.8 AI score · 0.00081 EPSS
Exploits 0 · References 1
Prion
added 2024/02/22 11:15 a.m. · 10 views

Code injection

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryptio...

5.1 CVSS · 8.4 AI score · 0.00205 EPSS
Exploits 0 · References 1
Prion
added 2020/06/29 2:15 p.m. · 18 views

Design/Logic Flaw

Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption e.g., TLS/SSL when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker wi...

5 CVSS · 7.4 AI score · 0.00061 EPSS
Exploits 0 · References 1 · Affected Software 1
ICS
added 2020/06/18 12:00 a.m. · 146 views

Baxter ExactaMix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Baxter ExactaMix EM 2400 & EM 1200 Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access...

10 CVSS · 9.3 AI score · 0.94022 EPSS
Exploits 46 · References 5
OSV
added 2019/12/06 6:15 p.m. · 3 views

CVE-2019-16672

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext...

9.8 CVSS · 7.3 AI score · 0.00328 EPSS
Exploits 0 · References 4
OpenVAS
added 2019/08/14 12:00 a.m. · 39 views

Adobe Creative Cloud Security Update (APSB19-39) - Mac OS X

Adobe Creative cloud is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:creativecloud";...

10 CVSS · 8.9 AI score · 0.1772 EPSS
Exploits 0 · References 1
NVD
added 2017/07/05 1:29 p.m. · 16 views

CVE-2016-0238

IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409...

4.3 CVSS · 3.7 AI score · 0.00222 EPSS
Exploits 0 · References 3
Hacker One
added 2015/08/20 5:16 p.m. · 41 views

ownCloud: apps.owncloud.com: SSL Session cookie without secure flag set

URL: https://apps.owncloud.com/usermanager/login.php Issue detail The following cookie was issued by the application and does not have the secure flag set: PHPSESSID=27caghhkfjvuso3mmiqajqt2n4; path=/; HttpOnly The cookie appears to contain a session token, which may increase the risk associated...

0.2 AI score
Exploits 0