Skip to main content

CWE-319

Cleartext Transmission of Sensitive Information

645 CVEs Avg CVSS 6.8 MITRE
53
CRITICAL
268
HIGH
292
MEDIUM
28
LOW
112
POC
0
KEV

Monthly

CVE-2026-34346 MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-53624 Go MEDIUM PATCH GHSA This Month

HSTS header delivery is permanently broken in gofiber/fiber's helmet middleware due to a logic error that compares the HTTP protocol version string ('HTTP/1.1', 'HTTP/2.0') against the literal string 'https' - a comparison that is always false in any real deployment, making the entire HSTS conditional block dead code. Applications using Fiber that configure HSTSMaxAge expecting HSTS protection receive none, silently eliminating a security control that operators believe is active. A maintainer-runnable POC confirming the bug has been published with the advisory; no CISA KEV listing exists, but any application relying on helmet for HSTS protection has had that protection stripped since the erroneous code was introduced.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-48978 Go LOW PATCH GHSA Monitor

Unvalidated bearer realm URL handling in oras-go v2 ≤ 2.6.0 enables two distinct attack primitives against users who run oras operations against a malicious, compromised, or man-in-the-middle'd registry: server-side request forgery (SSRF) to internal network endpoints including cloud instance metadata services, and TLS downgrade that exposes user credentials in plaintext. The OCI distribution spec legitimately allows cross-host realm references for split-auth deployments (e.g., Docker Hub's auth.docker.io pattern), but oras-go failed to block private IP literals, loopback addresses, and scheme downgrades from https to http - patterns that are never legitimate under any valid registry trust model. No active exploitation has been confirmed (not in CISA KEV), and a patch is available in v2.6.1.

SSRF Microsoft Docker
NVD GitHub
CVE-2025-12530 MEDIUM PATCH This Month

Cleartext data transmission in IBM watsonx.data intelligence versions 5.2.2 through 5.3.1 (including patch-1) exposes sensitive information to network interception by a man-in-the-middle adversary. The platform transmits certain data without encryption, enabling an attacker positioned on the network path to capture confidential content in transit. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified; however, the CVSS High confidentiality impact (C:H) signals that the interceptable data is substantively sensitive, likely including queries, credentials, or intelligence payloads.

IBM Information Disclosure Watsonx Data Intelligence
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-36336 MEDIUM PATCH This Month

Cleartext transmission in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 exposes sensitive data to interception by network-adjacent attackers using man-in-the-middle techniques. The CVSS vector (AV:N/AC:H/PR:N) confirms exploitation requires no authentication but does demand the attacker occupy a privileged on-path network position, moderating the overall risk. No public exploit code and no CISA KEV listing have been identified at time of analysis; vendor-released patch is available.

IBM Information Disclosure Watsonx Data Intelligence
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-55844 HIGH PATCH This Week

Sensitive token disclosure affects the Home Assistant iOS companion app prior to 2025.5.0, where the app ignores the configured SSID allowlist meant to gate internal-network access. Because the app falls back to the internal URL whenever no other URL is available, it can transmit the user's authentication token to the internal endpoint while the device is connected to an untrusted or insecure Wi-Fi network, enabling interception. No public exploit has been identified at time of analysis, and the issue is not in CISA KEV; vendor advisory GHSA-cm5v-547m-qh5h confirms the fix in 2025.5.0.

Apple Information Disclosure Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-49486 PyPI HIGH PATCH This Week

Cleartext data-channel exposure in the Apache Airflow FTP provider (apache-airflow-providers-ftp before 3.15.1) lets a network attacker positioned on the data path read file contents and credentials moved over FTPS. The FTPSHook.get_conn() method established an ftplib.FTP_TLS control connection but never issued PROT P, so payloads transferred via FTPSHook or FTPSFileTransmitOperator traveled in plaintext despite the TLS-protected control channel. There is no public exploit identified at time of analysis, EPSS is very low (0.10%, 1st percentile), and it is not on CISA KEV.

Information Disclosure Apache Apache Airflow Ftp Provider
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11833 HIGH CISA This Week

Information disclosure in Yokogawa FAST/TOOLS (R9.01-R10.04) and CI Server (R1.01-R1.04) allows unmodified network attackers to retrieve CI Server configuration data via the embedded web server. The leaked settings can be leveraged as reconnaissance fuel for follow-on attacks against the SCADA/automation environment. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.

Information Disclosure Fast Tools Ci Server
NVD VulDB
CVSS 4.0
8.2
EPSS
0.2%
CVE-2026-50034 HIGH CISA Act Now

Cleartext Bluetooth Low Energy transmission in the Apollo Pharmacy Blood Glucose Monitoring System (Model APG-01 BT) allows an attacker within BLE radio range to passively sniff wireless traffic and recover patient glucose readings and related health data. The flaw is a CWE-319 cleartext-transmission issue affecting a consumer medical device, disclosed via CISA ICS-CERT advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Blood Glucose Monitoring System Model No Apg 01 Bt
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-9741 HIGH PATCH This Week

Sensitive information disclosure in MongoDB Server affects deployments using Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) when issuing $vectorSearch aggregation queries. Due to a flaw in client-side query analysis, literal values intended for encrypted fields inside $vectorSearch filter expressions are transmitted to the server as plaintext instead of ciphertext, defeating the confidentiality guarantee of client-side encryption. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Mongodb Server
NVD
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +18
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

HSTS header delivery is permanently broken in gofiber/fiber's helmet middleware due to a logic error that compares the HTTP protocol version string ('HTTP/1.1', 'HTTP/2.0') against the literal string 'https' - a comparison that is always false in any real deployment, making the entire HSTS conditional block dead code. Applications using Fiber that configure HSTSMaxAge expecting HSTS protection receive none, silently eliminating a security control that operators believe is active. A maintainer-runnable POC confirming the bug has been published with the advisory; no CISA KEV listing exists, but any application relying on helmet for HSTS protection has had that protection stripped since the erroneous code was introduced.

Information Disclosure
NVD GitHub VulDB
LOW PATCH Monitor

Unvalidated bearer realm URL handling in oras-go v2 ≤ 2.6.0 enables two distinct attack primitives against users who run oras operations against a malicious, compromised, or man-in-the-middle'd registry: server-side request forgery (SSRF) to internal network endpoints including cloud instance metadata services, and TLS downgrade that exposes user credentials in plaintext. The OCI distribution spec legitimately allows cross-host realm references for split-auth deployments (e.g., Docker Hub's auth.docker.io pattern), but oras-go failed to block private IP literals, loopback addresses, and scheme downgrades from https to http - patterns that are never legitimate under any valid registry trust model. No active exploitation has been confirmed (not in CISA KEV), and a patch is available in v2.6.1.

SSRF Microsoft Docker
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Cleartext data transmission in IBM watsonx.data intelligence versions 5.2.2 through 5.3.1 (including patch-1) exposes sensitive information to network interception by a man-in-the-middle adversary. The platform transmits certain data without encryption, enabling an attacker positioned on the network path to capture confidential content in transit. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified; however, the CVSS High confidentiality impact (C:H) signals that the interceptable data is substantively sensitive, likely including queries, credentials, or intelligence payloads.

IBM Information Disclosure Watsonx Data Intelligence
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Cleartext transmission in IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 exposes sensitive data to interception by network-adjacent attackers using man-in-the-middle techniques. The CVSS vector (AV:N/AC:H/PR:N) confirms exploitation requires no authentication but does demand the attacker occupy a privileged on-path network position, moderating the overall risk. No public exploit code and no CISA KEV listing have been identified at time of analysis; vendor-released patch is available.

IBM Information Disclosure Watsonx Data Intelligence
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sensitive token disclosure affects the Home Assistant iOS companion app prior to 2025.5.0, where the app ignores the configured SSID allowlist meant to gate internal-network access. Because the app falls back to the internal URL whenever no other URL is available, it can transmit the user's authentication token to the internal endpoint while the device is connected to an untrusted or insecure Wi-Fi network, enabling interception. No public exploit has been identified at time of analysis, and the issue is not in CISA KEV; vendor advisory GHSA-cm5v-547m-qh5h confirms the fix in 2025.5.0.

Apple Information Disclosure Core
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cleartext data-channel exposure in the Apache Airflow FTP provider (apache-airflow-providers-ftp before 3.15.1) lets a network attacker positioned on the data path read file contents and credentials moved over FTPS. The FTPSHook.get_conn() method established an ftplib.FTP_TLS control connection but never issued PROT P, so payloads transferred via FTPSHook or FTPSFileTransmitOperator traveled in plaintext despite the TLS-protected control channel. There is no public exploit identified at time of analysis, EPSS is very low (0.10%, 1st percentile), and it is not on CISA KEV.

Information Disclosure Apache Apache Airflow Ftp Provider
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Information disclosure in Yokogawa FAST/TOOLS (R9.01-R10.04) and CI Server (R1.01-R1.04) allows unmodified network attackers to retrieve CI Server configuration data via the embedded web server. The leaked settings can be leveraged as reconnaissance fuel for follow-on attacks against the SCADA/automation environment. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.

Information Disclosure Fast Tools Ci Server
NVD VulDB
EPSS 0% CVSS 7.1
HIGH Act Now

Cleartext Bluetooth Low Energy transmission in the Apollo Pharmacy Blood Glucose Monitoring System (Model APG-01 BT) allows an attacker within BLE radio range to passively sniff wireless traffic and recover patient glucose readings and related health data. The flaw is a CWE-319 cleartext-transmission issue affecting a consumer medical device, disclosed via CISA ICS-CERT advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Blood Glucose Monitoring System Model No Apg 01 Bt
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Sensitive information disclosure in MongoDB Server affects deployments using Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) when issuing $vectorSearch aggregation queries. Due to a flaw in client-side query analysis, literal values intended for encrypted fields inside $vectorSearch filter expressions are transmitted to the server as plaintext instead of ciphertext, defeating the confidentiality guarantee of client-side encryption. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Mongodb Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy