CWE-319

High likelihood

Cleartext Transmission of Sensitive Information

Parent: CWE-311 - Missing Encryption of Sensitive Data

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

856 vulnerabilities with CWE-319
CVE-2026-42514 HIGH
Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
CVE-2026-40431 MEDIUM
SenseLive X3050 Cleartext transmission of sensitive information
CVSS 5.3
CVE-2026-41275 HIGH
Flowise: Password Reset Link Sent Over Unsecured HTTP
CVSS 7.5
CVE-2026-40045 MEDIUM
OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway Endpoints
CVSS 5.7
CVE-2026-6066 HIGH
Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center
CVSS 7.1
CVE-2026-33569 MEDIUM
Anviz Products Cleartext Transmission of Sensitive Information
CVSS 6.5
CVE-2026-33472 MEDIUM
Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)
CVSS 4.8
CVE-2026-22155 MEDIUM
Fortinet FortiSOAR On-premise < 7.6.2 - Information Disclosure
CVSS 6.5
CVE-2026-21742 MEDIUM
Fortinet FortiSOAR PaaS <7.6.2 - Info Disclosure
CVSS 5.7
CVE-2026-31924 MEDIUM
Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP
CVSS 5.3
CVE-2026-31923 HIGH
Apache APISIX: Openid-connect `tls_verify` field is disabled by default
CVSS 7.5
CVE-2026-4820 MEDIUM
IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag
CVSS 4.3
CVE-2026-5115 HIGH
Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices
CVSS 7.5
CVE-2026-5119 MEDIUM
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment
CVSS 5.9
CVE-2026-1014 MEDIUM
IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
CVSS 6.5
CVE-2026-20115 MEDIUM
Cisco IOS XE Software <17.14.1 - Info Disclosure
CVSS 6.1
CVE-2026-4584 LOW
Shenzhen HCC Technology MPOS M6 PLUS Cardholder Data cleartext transmission
CVSS 3.1
CVE-2026-24060 CRITICAL
Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information
CVSS 9.1
CVE-2026-32309 HIGH
Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes
CVSS 7.5
CVE-2026-32838 HIGH
Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP
CVSS 7.5
CVE-2026-32745 MEDIUM
JetBrains Datalore <2026.1 - Session Hijacking
CVSS 6.3
CVE-2026-23662 HIGH
Azure IoT Explorer - Auth Bypass
CVSS 7.5
CVE-2026-23661 HIGH
Azure IoT Explorer - Info Disclosure
CVSS 7.5
CVE-2026-2671 LOW
Mendi Neurofeedback Headset V4 - Info Disclosure
CVSS 3.1
CVE-2026-30796 HIGH
RustDesk Server Pro <1.7.5 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 856
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits