Skip to main content

CWE-311

Missing Encryption of Sensitive Data

230 CVEs Avg CVSS 6.7 MITRE
12
CRITICAL
99
HIGH
105
MEDIUM
14
LOW
43
POC
0
KEV

Monthly

CVE-2026-20157 HIGH This Week

Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-54784 NuGet HIGH PATCH GHSA This Week

Authenticated principal impersonation in CoreWCF (versions >=1.9.0, <1.9.1) occurs because the SPNEGO SecurityContextToken proof key returned in the RequestSecurityTokenResponse (RSTR) is wrapped without confidentiality protection, allowing any on-path observer to recover it. An attacker who captures the unprotected handshake can impersonate the authenticated Windows principal for the SCT lifetime (~10 hours) and decrypt or forge subsequent WS-SecureConversation traffic. No public exploit identified at time of analysis, but the vendor-confirmed advisory (GHSA-2288-8h3r-cqgg) and CVSS 7.4 indicate a meaningful confidentiality/integrity exposure for affected .NET WCF replacement deployments.

Microsoft Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-55568 PHP MEDIUM PATCH GHSA This Month

Silent TLS downgrade in Guzzle's built-in cURL handlers exposes proxy credentials and tunneled connection metadata to network interception when the application is configured to use an https:// proxy but runs against libcurl older than 7.50.2. Affected deployments see proxy authentication headers (Proxy-Authorization, CURLOPT_PROXYUSERPWD), CONNECT target host/port for tunneled HTTPS, and full request headers and bodies for plain HTTP requests transmitted without encryption - with no runtime error or warning from Guzzle or libcurl. No public exploit identified at time of analysis and no CISA KEV listing; however, the CVSS confidentiality impact is rated High (C:H) due to full credential exposure on the proxy leg.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-53442 MEDIUM This Month

Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.

Information Disclosure Jenkins Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34486 Maven HIGH POC PATCH GHSA This Week

Encryption bypass in Apache Tomcat 11.0.20, 10.1.53, and 9.0.116 allows unauthenticated remote attackers to circumvent the EncryptInterceptor component, exposing sensitive data in cleartext. The vulnerability stems from an incomplete fix for CVE-2026-29146, enabling network-accessible adversaries to access confidential information without authentication. CVSS 7.5 (High severity) reflects network-based exploitation with low complexity and high confidentiality impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).

Apache Information Disclosure Tomcat Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34992 Go HIGH PATCH GHSA This Week

IPv6 Pod traffic in Antrea dual-stack Kubernetes clusters transmits in plaintext despite IPsec encryption configuration, exposing inter-node communication to network eavesdropping. Affects Antrea versions prior to 2.6.0, 2.5.2, and 2.4.5 when dual-stack networking is enabled with trafficEncryptionMode: ipsec. Vendor-released patches are available across multiple stable branches. No public exploit identified at time of analysis, though the vulnerability bypasses intended encryption controls and could enable passive network monitoring in multi-tenant or untrusted network environments.

Authentication Bypass
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-28678 HIGH PATCH This Week

DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. A patch is available in commit d527fba and should be applied immediately.

Information Disclosure Dsa Study Hub
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-69969 CRITICAL POC Act Now

Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.

RCE Information Disclosure Pebble Prism Ultra Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-15548 MEDIUM This Month

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. [CVSS 6.5 MEDIUM]

Information Disclosure Vx800v Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13453 MEDIUM This Month

Thinkplus Fu100 Firmware versions up to - is affected by missing encryption of sensitive data (CVSS 4.6).

Information Disclosure Thinkplus Fu100 Firmware Thinkplus Fu200 Firmware Thinkplus Tu800 Firmware Thinkplus Tsd303 Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Authenticated principal impersonation in CoreWCF (versions >=1.9.0, <1.9.1) occurs because the SPNEGO SecurityContextToken proof key returned in the RequestSecurityTokenResponse (RSTR) is wrapped without confidentiality protection, allowing any on-path observer to recover it. An attacker who captures the unprotected handshake can impersonate the authenticated Windows principal for the SCT lifetime (~10 hours) and decrypt or forge subsequent WS-SecureConversation traffic. No public exploit identified at time of analysis, but the vendor-confirmed advisory (GHSA-2288-8h3r-cqgg) and CVSS 7.4 indicate a meaningful confidentiality/integrity exposure for affected .NET WCF replacement deployments.

Microsoft Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Silent TLS downgrade in Guzzle's built-in cURL handlers exposes proxy credentials and tunneled connection metadata to network interception when the application is configured to use an https:// proxy but runs against libcurl older than 7.50.2. Affected deployments see proxy authentication headers (Proxy-Authorization, CURLOPT_PROXYUSERPWD), CONNECT target host/port for tunneled HTTPS, and full request headers and bodies for plain HTTP requests transmitted without encryption - with no runtime error or warning from Guzzle or libcurl. No public exploit identified at time of analysis and no CISA KEV listing; however, the CVSS confidentiality impact is rated High (C:H) due to full credential exposure on the proxy leg.

PHP Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.

Information Disclosure Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Encryption bypass in Apache Tomcat 11.0.20, 10.1.53, and 9.0.116 allows unauthenticated remote attackers to circumvent the EncryptInterceptor component, exposing sensitive data in cleartext. The vulnerability stems from an incomplete fix for CVE-2026-29146, enabling network-accessible adversaries to access confidential information without authentication. CVSS 7.5 (High severity) reflects network-based exploitation with low complexity and high confidentiality impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).

Apache Information Disclosure Tomcat +1
NVD VulDB HeroDevs
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IPv6 Pod traffic in Antrea dual-stack Kubernetes clusters transmits in plaintext despite IPsec encryption configuration, exposing inter-node communication to network eavesdropping. Affects Antrea versions prior to 2.6.0, 2.5.2, and 2.4.5 when dual-stack networking is enabled with trafficEncryptionMode: ipsec. Vendor-released patches are available across multiple stable branches. No public exploit identified at time of analysis, though the vulnerability bypasses intended encryption controls and could enable passive network monitoring in multi-tenant or untrusted network environments.

Authentication Bypass
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. A patch is available in commit d527fba and should be applied immediately.

Information Disclosure Dsa Study Hub
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.

RCE Information Disclosure Pebble Prism Ultra Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. [CVSS 6.5 MEDIUM]

Information Disclosure Vx800v Firmware
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Thinkplus Fu100 Firmware versions up to - is affected by missing encryption of sensitive data (CVSS 4.6).

Information Disclosure Thinkplus Fu100 Firmware Thinkplus Fu200 Firmware +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy