Search Results (4602 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-1936 3 Debian, Mozilla, Redhat 7 Debian Linux, Thunderbird, Enterprise Linux and 4 more 2025-06-30 7.5 High
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
CVE-2018-8849 1 Medtronic 4 N\'vision 8840, N\'vision 8840 Firmware, N\'vision 8870 and 1 more 2025-06-27 4.6 Medium
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.
CVE-2025-4227 2 Palo Alto Networks, Paloaltonetworks 2 Globalprotect App, Globalprotect 2025-06-27 3.5 Low
An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtectâ„¢ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
CVE-2024-10718 1 Phpipam 1 Phpipam 2025-06-27 7.5 High
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.
CVE-2012-1977 1 Wellintech 1 Kingview 2025-06-26 N/A
WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.
CVE-2024-56428 1 Itech-gmbh 1 Ilabclient 2025-06-25 5.5 Medium
The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client.
CVE-2025-32752 1 Dell 1 Thinos 2025-06-24 5.7 Medium
Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
CVE-2025-27622 1 Jenkins 1 Jenkins 2025-06-24 4.3 Medium
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
CVE-2025-27623 1 Jenkins 1 Jenkins 2025-06-24 4.3 Medium
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.
CVE-2025-45001 1 Numan 1 React-native-keys 2025-06-23 7.5 High
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
CVE-2023-46447 1 Popsdiabetes 1 Rebel 2025-06-20 4.3 Medium
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
CVE-2023-42144 1 Shelly 2 Trv, Trv Firmware 2025-06-20 5.5 Medium
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password.
CVE-2024-46340 1 Tp-link 2 Tl-wr845n, Tl-wr845n Firmware 2025-06-20 9.8 Critical
TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset.
CVE-2023-50129 1 Flient 2 Smart Lock Advanced, Smart Lock Advanced Firmware 2025-06-20 6.5 Medium
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter.
CVE-2025-32881 1 Gotenna 3 Gotenna, Mesh, Mesh Firmware 2025-06-20 4.3 Medium
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
CVE-2025-32884 1 Gotenna 3 Gotenna, Mesh, Mesh Firmware 2025-06-20 4.3 Medium
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
CVE-2025-32887 1 Gotenna 3 Gotenna, Mesh, Mesh Firmware 2025-06-20 7.1 High
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping.
CVE-2025-5136 1 Project Team 1 Tmall Demo 2025-06-19 3.7 Low
A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-27098 1 Tp-link 2 Tapo, Tapo C200 2025-06-18 7.5 High
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
CVE-2022-47560 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2025-06-18 5.7 Medium
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.