Monthly
Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.
Authenticated principal impersonation in CoreWCF (versions >=1.9.0, <1.9.1) occurs because the SPNEGO SecurityContextToken proof key returned in the RequestSecurityTokenResponse (RSTR) is wrapped without confidentiality protection, allowing any on-path observer to recover it. An attacker who captures the unprotected handshake can impersonate the authenticated Windows principal for the SCT lifetime (~10 hours) and decrypt or forge subsequent WS-SecureConversation traffic. No public exploit identified at time of analysis, but the vendor-confirmed advisory (GHSA-2288-8h3r-cqgg) and CVSS 7.4 indicate a meaningful confidentiality/integrity exposure for affected .NET WCF replacement deployments.
Silent TLS downgrade in Guzzle's built-in cURL handlers exposes proxy credentials and tunneled connection metadata to network interception when the application is configured to use an https:// proxy but runs against libcurl older than 7.50.2. Affected deployments see proxy authentication headers (Proxy-Authorization, CURLOPT_PROXYUSERPWD), CONNECT target host/port for tunneled HTTPS, and full request headers and bodies for plain HTTP requests transmitted without encryption - with no runtime error or warning from Guzzle or libcurl. No public exploit identified at time of analysis and no CISA KEV listing; however, the CVSS confidentiality impact is rated High (C:H) due to full credential exposure on the proxy leg.
Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.
Encryption bypass in Apache Tomcat 11.0.20, 10.1.53, and 9.0.116 allows unauthenticated remote attackers to circumvent the EncryptInterceptor component, exposing sensitive data in cleartext. The vulnerability stems from an incomplete fix for CVE-2026-29146, enabling network-accessible adversaries to access confidential information without authentication. CVSS 7.5 (High severity) reflects network-based exploitation with low complexity and high confidentiality impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).
IPv6 Pod traffic in Antrea dual-stack Kubernetes clusters transmits in plaintext despite IPsec encryption configuration, exposing inter-node communication to network eavesdropping. Affects Antrea versions prior to 2.6.0, 2.5.2, and 2.4.5 when dual-stack networking is enabled with trafficEncryptionMode: ipsec. Vendor-released patches are available across multiple stable branches. No public exploit identified at time of analysis, though the vulnerability bypasses intended encryption controls and could enable passive network monitoring in multi-tenant or untrusted network environments.
DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. A patch is available in commit d527fba and should be applied immediately.
Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. [CVSS 6.5 MEDIUM]
Thinkplus Fu100 Firmware versions up to - is affected by missing encryption of sensitive data (CVSS 4.6).
Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.
Authenticated principal impersonation in CoreWCF (versions >=1.9.0, <1.9.1) occurs because the SPNEGO SecurityContextToken proof key returned in the RequestSecurityTokenResponse (RSTR) is wrapped without confidentiality protection, allowing any on-path observer to recover it. An attacker who captures the unprotected handshake can impersonate the authenticated Windows principal for the SCT lifetime (~10 hours) and decrypt or forge subsequent WS-SecureConversation traffic. No public exploit identified at time of analysis, but the vendor-confirmed advisory (GHSA-2288-8h3r-cqgg) and CVSS 7.4 indicate a meaningful confidentiality/integrity exposure for affected .NET WCF replacement deployments.
Silent TLS downgrade in Guzzle's built-in cURL handlers exposes proxy credentials and tunneled connection metadata to network interception when the application is configured to use an https:// proxy but runs against libcurl older than 7.50.2. Affected deployments see proxy authentication headers (Proxy-Authorization, CURLOPT_PROXYUSERPWD), CONNECT target host/port for tunneled HTTPS, and full request headers and bodies for plain HTTP requests transmitted without encryption - with no runtime error or warning from Guzzle or libcurl. No public exploit identified at time of analysis and no CISA KEV listing; however, the CVSS confidentiality impact is rated High (C:H) due to full credential exposure on the proxy leg.
Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.
Encryption bypass in Apache Tomcat 11.0.20, 10.1.53, and 9.0.116 allows unauthenticated remote attackers to circumvent the EncryptInterceptor component, exposing sensitive data in cleartext. The vulnerability stems from an incomplete fix for CVE-2026-29146, enabling network-accessible adversaries to access confidential information without authentication. CVSS 7.5 (High severity) reflects network-based exploitation with low complexity and high confidentiality impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).
IPv6 Pod traffic in Antrea dual-stack Kubernetes clusters transmits in plaintext despite IPsec encryption configuration, exposing inter-node communication to network eavesdropping. Affects Antrea versions prior to 2.6.0, 2.5.2, and 2.4.5 when dual-stack networking is enabled with trafficEncryptionMode: ipsec. Vendor-released patches are available across multiple stable branches. No public exploit identified at time of analysis, though the vulnerability bypasses intended encryption controls and could enable passive network monitoring in multi-tenant or untrusted network environments.
DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. A patch is available in commit d527fba and should be applied immediately.
Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. [CVSS 6.5 MEDIUM]
Thinkplus Fu100 Firmware versions up to - is affected by missing encryption of sensitive data (CVSS 4.6).