ReportizFlow
Filtered by vendor
Subscriptions
Total
483 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53668 | 1 Jenkins | 1 Vaddy | 2025-07-18 | 6.5 Medium |
| Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53666 | 1 Jenkins | 1 Dead Man\'s Snitch | 2025-07-18 | 6.5 Medium |
| Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53653 | 1 Jenkins | 1 Aqua Security Scanner | 2025-07-18 | 4.3 Medium |
| Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53659 | 1 Jenkins | 1 Qmetry Test Management | 2025-07-18 | 6.5 Medium |
| Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2025-53663 | 1 Jenkins | 1 Ibm Cloud Devops | 2025-07-18 | 6.5 Medium |
| Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2024-41757 | 1 Ibm | 1 Concert | 2025-07-18 | 5.9 Medium |
| IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-32874 | 2025-07-18 | 7.4 High | ||
| An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] clearData) derives both the encryption key and the IV from a fixed, hardcoded input by using a static salt value. As a result, identical plaintext inputs always produce identical ciphertext outputs. This is true for both FIPS and non-FIPS generated passwords. In other words, there is a cryptographic implementation flaw in the password encryption mechanism. Although there are multiple encryption methods grouped under FIPS and non-FIPS classifications, the logic consistently results in predictable and reversible encrypted outputs due to the lack of per-operation randomness and encryption authentication. | ||||
| CVE-2025-53678 | 2025-07-10 | 6.5 Medium | ||
| Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53676 | 2025-07-10 | 6.5 Medium | ||
| Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2025-53673 | 2025-07-10 | 6.5 Medium | ||
| Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2014-6274 | 2025-06-30 | 7.5 High | ||
| git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919. | ||||
| CVE-2024-1936 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux and 4 more | 2025-06-30 | 7.5 High |
| The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1. | ||||
| CVE-2018-8849 | 1 Medtronic | 4 N\'vision 8840, N\'vision 8840 Firmware, N\'vision 8870 and 1 more | 2025-06-27 | 4.6 Medium |
| Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest. | ||||
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2025-06-27 | N/A |
| WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | ||||
| CVE-2025-32875 | 2025-06-23 | 5.7 Medium | ||
| An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack. | ||||
| CVE-2023-50129 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2025-06-20 | 6.5 Medium |
| Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter. | ||||
| CVE-2024-24768 | 1 Fit2cloud | 1 1panel | 2025-06-18 | 6.5 Medium |
| 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. | ||||
| CVE-2023-33037 | 1 Qualcomm | 166 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 163 more | 2025-06-17 | 7.1 High |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | ||||
| CVE-2023-50126 | 1 Hozard | 1 Alarm System | 2025-06-03 | 6.5 Medium |
| Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state. | ||||
| CVE-2023-6339 | 1 Google | 2 Nest Wifi Pro, Nest Wifi Pro Firmware | 2025-06-03 | 10 Critical |
| Google Nest WiFi Pro root code-execution & user-data compromise | ||||