Total
496 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64146 | 1 Jenkins | 2 Curseforge Publisher, Jenkins | 2025-10-30 | 4.3 Medium |
| Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2025-64144 | 1 Jenkins | 1 Jenkins | 2025-10-30 | 4.3 Medium |
| Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2025-64143 | 1 Jenkins | 1 Openshift Pipeline | 2025-10-30 | 4.3 Medium |
| Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2025-64147 | 1 Jenkins | 2 Curseforge Publisher, Jenkins | 2025-10-30 | 4.3 Medium |
| Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-64145 | 1 Jenkins | 1 Jenkins | 2025-10-30 | 4.3 Medium |
| Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
| CVE-2025-31977 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | 5.3 Medium |
| HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions. | ||||
| CVE-2024-41980 | 1 Siemens | 4 Opcenter Quality, Smartclient Modules, Soa Audit and 1 more | 2025-10-23 | 3.1 Low |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2024-41982 | 1 Siemens | 4 Opcenter Quality, Smartclient Modules, Soa Audit and 1 more | 2025-10-23 | 4.8 Medium |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information. | ||||
| CVE-2014-2379 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2025-10-13 | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. | ||||
| CVE-2025-48981 | 1 Compugroup Medical | 1 Cgm Medico | 2025-10-09 | 8.6 High |
| An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection. | ||||
| CVE-2025-10227 | 3 Axxonsoft, Linux, Microsoft | 3 Axxon One, Linux, Windows | 2025-10-08 | 4.6 Medium |
| Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. | ||||
| CVE-2025-53676 | 1 Jenkins | 1 Xooa | 2025-10-03 | 6.5 Medium |
| Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53678 | 1 Jenkins | 1 User1st Utester | 2025-10-03 | 6.5 Medium |
| Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53673 | 1 Jenkins | 1 Sensedia Api Platform Tools | 2025-10-01 | 6.5 Medium |
| Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2024-41757 | 1 Ibm | 1 Concert | 2025-09-29 | 5.9 Medium |
| IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2024-56439 | 1 Huawei | 1 Harmonyos | 2025-09-26 | 7.5 High |
| Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-59410 | 2 Dragonflyoss, Linuxfoundation | 2 Dragonfly2, Dragonfly | 2025-09-18 | 3.7 Low |
| Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. This vulnerability is fixed in 2.1.0. | ||||
| CVE-2025-45768 | 1 Pyjwt Project | 1 Pyjwt | 2025-09-12 | 7 High |
| pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement). | ||||
| CVE-2023-37405 | 1 Ibm | 2 Cloud Pak System, Cloud Pak System Software Suite | 2025-08-18 | 6.5 Medium |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user. | ||||
| CVE-2025-36062 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-08-18 | 5.9 Medium |
| IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic. | ||||