CVE-2025-14823

The CVE-2025-14823 issue affects ConnectWise ScreenConnect’s Certificate Signing Extension. Affected: Certificate Signing Extension prior to version 1.0.12. Description across sources shows that encrypted configuration values, including an Azure Key Vault-related key, could be exposed in client r...

CVE-2025-14823 Certificate Signing Extension Returns Encrypted Values

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

CVE-2025-14823 Certificate Signing Extension Returns Encrypted Values

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored a...

ConnectWise ScreenConnect 安全漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application from ConnectWise. A security vulnerability exists in ConnectWise ScreenConnect that stems from mishandling of the certificate signing extension configuration, which could lead to the disclosure of encrypted configurati...

EUVD-2021-20187

Malware in sbrugna...

EUVD-2024-2957

Malicious code in bioql PyPI...

EUVD-2024-2078

Malicious code in bioql PyPI...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin when accessing item config.xml via REST API...

GHSA-62JV-J4W7-5HH8 Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin when accessing item config.xml via REST API...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVE-2024-47805

CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

Information Disclosure

SonarQube is vulnerable to exposure of encrypted values in cleartext. The vulnerability is due to encrypted values generated using the Settings Encryption feature being exposed in URL parameters in logs, allowing attackers with access to SonarQube logs or proxy logs to view sensitive information...

CVE-2024-38460

CVE-2024-38460 affects SonarQube before 10.4 and 9.9.4 LTA. The issue is that values encrypted via Settings Encryption can be exposed in cleartext in URL parameters found in logs (e.g., access logs, proxy logs). The root cause is insecure handling of encrypted values in log output, enabling poten...

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs such as SonarQube Access Logs, Proxy Logs, etc...

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs such as SonarQube Access Logs, Proxy Logs, etc...

CVE-2024-23580

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords OTPs. This could allow an attacker with access to the database to recover some or all encrypted values...