Total
337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64143 | 1 Jenkins | 1 Openshift Pipeline | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2025-53678 | 1 Jenkins | 1 User1st Utester | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53676 | 1 Jenkins | 1 Xooa | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53673 | 1 Jenkins | 1 Sensedia Api Platform Tools | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53668 | 1 Jenkins | 1 Vaddy | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53666 | 1 Jenkins | 1 Dead Man\'s Snitch | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53663 | 1 Jenkins | 1 Ibm Cloud Devops | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53659 | 1 Jenkins | 1 Qmetry Test Management | 2025-11-04 | N/A | 6.5 MEDIUM |
| Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53653 | 1 Jenkins | 1 Aqua Security Scanner | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2025-11-03 | N/A | 6.2 MEDIUM |
| IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | |||||
| CVE-2023-38267 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | N/A | 6.2 MEDIUM |
| IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584. | |||||
| CVE-2025-43274 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 4.4 MEDIUM |
| A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2025-31977 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | N/A | 5.3 MEDIUM |
| HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions. | |||||
| CVE-2024-41980 | 1 Siemens | 1 Opcenter Quality | 2025-10-23 | N/A | 3.1 LOW |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information. | |||||
| CVE-2024-41982 | 1 Siemens | 1 Opcenter Quality | 2025-10-23 | N/A | 4.8 MEDIUM |
| A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information. | |||||
| CVE-2024-41757 | 1 Ibm | 1 Concert | 2025-09-29 | N/A | 5.9 MEDIUM |
| IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2024-56439 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 7.5 HIGH |
| Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-59410 | 1 Linuxfoundation | 1 Dragonfly | 2025-09-18 | N/A | 3.7 LOW |
| Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. This vulnerability is fixed in 2.1.0. | |||||
| CVE-2025-45768 | 1 Pyjwt Project | 1 Pyjwt | 2025-09-12 | N/A | 7.0 HIGH |
| pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement). | |||||
| CVE-2023-37405 | 1 Ibm | 2 Cloud Pak System, Cloud Pak System Software Suite | 2025-08-18 | N/A | 6.5 MEDIUM |
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user. | |||||