Total: 493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23444 | 1 Elastic | 1 Elasticsearch | 2025-12-03 | N/A | 4.9 MEDIUM |
| It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation. | |||||
| CVE-2018-3826 | 1 Elastic | 1 Elasticsearch | 2025-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. | |||||
| CVE-2023-46219 | 2 Fedoraproject, Haxx | 2 Fedora, Curl | 2025-12-02 | N/A | 5.3 MEDIUM |
| When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. | |||||
| CVE-2025-64147 | 1 Jenkins | 1 Curseforge Publisher | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-64146 | 1 Jenkins | 1 Curseforge Publisher | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2025-64145 | 1 Jenkins | 1 Byteguard Build Actions | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-64144 | 1 Jenkins | 1 Byteguard Build Actions | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2025-64143 | 1 Jenkins | 1 Openshift Pipeline | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2025-53678 | 1 Jenkins | 1 User1st Utester | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53676 | 1 Jenkins | 1 Xooa | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53673 | 1 Jenkins | 1 Sensedia Api Platform Tools | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53668 | 1 Jenkins | 1 Vaddy | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53666 | 1 Jenkins | 1 Dead Man's Snitch | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53663 | 1 Jenkins | 1 Ibm Cloud Devops | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53659 | 1 Jenkins | 1 Qmetry Test Management | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53653 | 1 Jenkins | 1 Aqua Security Scanner | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2020-10124 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2025-11-04 | 4.4 MEDIUM | 7.1 HIGH |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. | |||||
| CVE-2024-7396 | | | 2025-11-04 | N/A | N/A |
| Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping. This issue affects JetPort 5601v3: through 1.2. | |||||
| CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 6.2 MEDIUM |
| IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | |||||
| CVE-2023-38267 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | N/A | 6.2 MEDIUM |
| IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. | |||||
