CWE-319— Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.— MITRE CWE catalog
863 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-319page 18 of 18
- CVE-2026-50034MEDIUMCVSS 6.5EG 6.52026-06-19
An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values.
- CVE-2026-50200HIGHCVSS 7.5EG 7.52026-06-17
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0…
- CVE-2026-5115HIGHCVSS 7.5EG 7.52026-03-31
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-fu…
- CVE-2026-5119HIGHCVSS 8.2EG 5.92026-03-30
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP…
- CVE-2026-53624MEDIUMCVSS 4.8EG 4.82026-07-06
Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.…
- CVE-2026-55568MEDIUMCVSS 5.9EG 5.92026-06-19
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization hea…
- CVE-2026-55844HIGHCVSS 7.5EG 7.52026-06-29
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app uses SSID to detect when to use the intern…
- CVE-2026-6066HIGHCVSS 7.1EG 7.12026-04-20
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This…
- CVE-2026-6276HIGHCVSS 7.5EG 7.52026-05-13
Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information a…
- CVE-2026-7610LOWCVSS 3.7EG 3.72026-05-02
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The atta…
- CVE-2026-7666LOWCVSS 3.1EG 3.12026-06-03
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake when `fail_s…
- CVE-2026-8874HIGHCVSS 7.1EG 7.12026-06-03
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over H…
- CVE-2026-9741MEDIUMCVSS 6.5EG 6.52026-06-09
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter exp…
Map vulnerabilities like CWE-319 to your infrastructure
EchelonGraph correlates every CVE — across CWE-319 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →