CVE-2023-4420 — CVSS 9.8 (critical): A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security…
CVE-2023-0750 — CVSS 9.8 (critical): Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the…
CVE-2020-15331 — CVSS 9.8 (critical): Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVE-2019-3431 — CVSS 9.8 (critical): All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff…
CVE-2019-12924 — CVSS 9.8 (critical): MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an…
CVE-2018-10698 — CVSS 9.8 (critical): An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker…
CVE-2019-11367 — CVSS 9.8 (critical): An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and…
CVE-2018-10612 — CVSS 9.8 (critical): In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication…
CVE-2018-16879 — CVSS 9.8 (critical): Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for…
CVE-2018-20100 — CVSS 9.8 (critical): An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration…
CVE-2018-17915 — CVSS 9.8 (critical): All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the…
CVE-2017-3198 — CVSS 9.8 (critical): GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware…
CVE-2018-7498 — CVSS 9.8 (critical): In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality…
CVE-2017-9632 — CVSS 9.8 (critical): A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5…
CVE-2017-9854 — CVSS 9.8 (critical): An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be…
CVE-2025-69969 — CVSS 9.6 (critical): A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd…
CVE-2025-36751: Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the…
CVE-2024-47871 — CVSS 9.1 (critical): Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the…
CVE-2023-38699 — CVSS 9.1 (critical): MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests…
CVE-2021-27779 — CVSS 9.1 (critical): VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with…
CVE-2020-9057 — CVSS 8.8 (high): Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range…
CVE-2019-18800 — CVSS 8.8 (high): Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all…
CVE-2019-1003075 — CVSS 8.8 (high): Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be…
CVE-2019-1003074 — CVSS 8.8 (high): Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be…
CVE-2019-1003073 — CVSS 8.8 (high): Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where…
CVE-2019-1003072 — CVSS 8.8 (high): Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by…
CVE-2019-1003071 — CVSS 8.8 (high): Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed…
CVE-2019-1003070 — CVSS 8.8 (high): Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be…
CVE-2019-1003069 — CVSS 8.8 (high): Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can…
CVE-2019-1003068 — CVSS 8.8 (high): Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be…
CVE-2019-1003067 — CVSS 8.8 (high): Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by…
CVE-2019-1003066 — CVSS 8.8 (high): Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by…
CVE-2019-1003065 — CVSS 8.8 (high): Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they…
CVE-2019-1003064 — CVSS 8.8 (high): Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be…
CVE-2019-1003063 — CVSS 8.8 (high): Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they…
CVE-2019-1003062 — CVSS 8.8 (high): Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where…
CVE-2019-1003061 — CVSS 8.8 (high): Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be…
CVE-2019-1003060 — CVSS 8.8 (high): Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be…
CVE-2019-1003057 — CVSS 8.8 (high): Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be…
CVE-2019-1003056 — CVSS 8.8 (high): Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by…
CVE-2019-1003055 — CVSS 8.8 (high): Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed…
CVE-2019-1003054 — CVSS 8.8 (high): Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by…
CVE-2019-1003053 — CVSS 8.8 (high): Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users…
CVE-2019-1003052 — CVSS 8.8 (high): Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where…
CVE-2019-1003051 — CVSS 8.8 (high): Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users…
CVE-2018-7781 — CVSS 8.8 (high): In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially…
CVE-2025-48981 — CVSS 8.6 (high): An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and…
CVE-2022-30237 — CVSS 8.2 (high): A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an…