CWE-319 · Cleartext Transmission of Sensitive Information

892 CVEs classified under CWE-319 (Cleartext Transmission of Sensitive Information). Browse by severity and year.

Top CVEs for CWE-319
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-61481 | Critical | 10.0 | 2025-10-27 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to… |
| CVE-2025-4378 | Critical | 10.0 | 2025-06-24 | Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentica… |
| CVE-2023-6248 | Critical | 10.0 | 2023-11-21 | The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code… |
| CVE-2015-0987 | Critical | 10.0 | 2015-10-06 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remot… |
| CVE-2026-48902 | Critical | 9.8 | 2026-05-26 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. |
| CVE-2025-34271 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes o… |
| CVE-2025-56447 | Critical | 9.8 | 2025-10-22 | TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure. |
| CVE-2025-32880 | Critical | 9.8 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 d… |
| CVE-2025-26199 | Critical | 9.8 | 2025-06-18 | CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP dur… |
| CVE-2023-39245 | Critical | 9.8 | 2024-02-15 | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. A remote unauthentic… |
| CVE-2023-31410 | Critical | 9.8 | 2023-06-19 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK Eve… |
| CVE-2023-33730 | Critical | 9.8 | 2023-05-31 | Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retri… |
| CVE-2023-30354 | Critical | 9.8 | 2023-05-10 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and th… |
| CVE-2022-47714 | Critical | 9.8 | 2023-02-01 | Last Yard 22.09.8-1 does not enforce HSTS headers |
| CVE-2022-43724 | Critical | 9.8 | 2022-12-13 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in… |
| CVE-2022-33321 | Critical | 9.8 | 2022-11-08 | Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer elect… |
| CVE-2022-21829 | Critical | 9.8 | 2022-06-24 | Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE… |
| CVE-2021-4161 | Critical | 9.8 | 2021-12-27 | The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an… |
| CVE-2021-20623 | Critical | 9.8 | 2021-02-05 | Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted reques… |
| CVE-2020-5426 | Critical | 9.8 | 2020-11-11 | Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended… |