CWE:

	Tytuł	Data	Autor
Med.	VeryFitPro 3.2.8 Insecure Transit	19.06.2021	Nick Decker
Med.	Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities	13.01.2020	m0ze
High	Across DR-810 ROM-0 - Backup File Disclosure	12.01.2019	SajjadBnz
Med.	MensaMax 4.3 Hardcoded Encryption Key Disclosure	02.10.2018	Stefan Pietsch
Med.	Trend Micro ServerProtect Disclosure / CSRF / XSS	26.05.2017	Multiple
Med.	QNAP QTS 4.2.x XSS / Command Injection / Transport Issues	18.02.2017	Harry Sintonen
Med.	Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle	20.01.2016	Core
Med.	ElasticSearch Cloud-Azure Insecure Transit	20.09.2015	Pedro Andujar

---

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-10-15

CVE-2024-49387

Updating...

Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

2024-10-04

CVE-2024-47789

Updating...

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

2024-09-26

	CVE-2024-45838	Updating...	The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
	CVE-2024-47124	Updating...	The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.

2024-08-13

CVE-2024-38167

Updating...

.NET and Visual Studio Information Disclosure Vulnerability

2024-06-20

CVE-2024-37183

Updating...

Plain text credentials and session ID can be captured with a network sniffer.

2024-06-14

CVE-2024-5996

Updating...

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system.

2024-06-11

CVE-2024-35210

Updating...

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.

2024-05-14

	CVE-2024-28134	Updating...	An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected.
	CVE-2024-30209	Updating...	A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM).

 

---

Copyright 2025, cxsecurity.com