Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53677 | 1 Jenkins | 1 Xooa | 2025-11-04 | 5.3 Medium |
| Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2025-53675 | 1 Jenkins | 1 Warrior Framework | 2025-11-04 | 6.5 Medium |
| Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53674 | 1 Jenkins | 1 Sensedia Api Platform Tools | 2025-11-04 | 5.3 Medium |
| Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2025-53671 | 1 Jenkins | 1 Nouvola Divecloud | 2025-11-04 | 6.5 Medium |
| Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53669 | 1 Jenkins | 1 Vaddy | 2025-11-04 | 4.3 Medium |
| Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53665 | 1 Jenkins | 1 Apica Loadtest | 2025-11-04 | 4.3 Medium |
| Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53664 | 1 Jenkins | 1 Apica Loadtest | 2025-11-04 | 6.5 Medium |
| Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53662 | 1 Jenkins | 1 Ifttt Build Notifier | 2025-11-04 | 6.5 Medium |
| Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53660 | 1 Jenkins | 1 Qmetry Test Management | 2025-11-04 | 4.3 Medium |
| Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-53656 | 1 Jenkins | 1 Readyapi Functional Testing | 2025-11-04 | 6.5 Medium |
| Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53655 | 1 Jenkins | 1 Statistics Gatherer | 2025-11-04 | 5.3 Medium |
| Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2024-29978 | 2025-11-04 | 5.9 Medium | ||
| User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2025-11193 | 2025-11-04 | 5.5 Medium | ||
| A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. | ||||
| CVE-2023-31002 | 1 Ibm | 1 Security Access Manager Container | 2025-11-03 | 5.1 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. | ||||
| CVE-2024-36464 | 1 Zabbix | 1 Zabbix | 2025-11-03 | 2.7 Low |
| When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords. | ||||
| CVE-2024-36460 | 1 Zabbix | 1 Zabbix | 2025-11-03 | 8.1 High |
| The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | ||||
| CVE-2025-27656 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011. | ||||
| CVE-2025-36002 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-10-25 | 5.5 Medium |
| IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user. | ||||
| CVE-2025-43938 | 1 Dell | 1 Powerprotect Data Manager | 2025-10-20 | 5 Medium |
| Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account. | ||||
| CVE-2024-9418 | 1 Superagi | 1 Superagi | 2025-10-15 | 6.5 Medium |
| In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover. | ||||