Lucene search
K

201 matches found

ibm
ibm
added 2025/09/23 12:45 p.m.7 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses pyjwt v2.10.1 library which is vulnerable to CVE-2025-45768

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses pyjwt v2.10.1 library which is vulnerable to CVE-2025-45768. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-45768 DESCRIPTION: pyjwt v2.10.1 was...

7CVSS6.8AI score0.0016EPSS
Exploits0Affected Software1
snyk
snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
snyk
snyk
added 2025/09/17 8:23 p.m.1 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/09/12 1:20 p.m.8 views

CVE-2025-10227

Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...

5.1CVSS6.3AI score0.00071EPSS
Exploits0References1
osv
osv
added 2025/09/10 1:15 p.m.6 views

CVE-2025-10227

Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...

4.6CVSS5.4AI score0.00071EPSS
Exploits0References1
nvd
nvd
added 2025/08/09 6:15 p.m.7 views

CVE-2025-8763

A vulnerability was found in Ruijie EG306MG 3.01B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument idontcareaboutsecurityanduseaggressivemodepsk leads to missing...

6.3CVSS0.00148EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/08/09 6:2 p.m.3 views

CVE-2025-8763 Ruijie EG306MG strongSwan strongswan.conf missing encryption

A vulnerability was found in Ruijie EG306MG 3.01B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument idontcareaboutsecurityanduseaggressivemodepsk leads to missing...

6.3CVSS6.9AI score0.00148EPSS
Exploits0References4
cvelist
cvelist
added 2025/08/09 6:2 p.m.8 views

CVE-2025-8763 Ruijie EG306MG strongSwan strongswan.conf missing encryption

A vulnerability was found in Ruijie EG306MG 3.01B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument idontcareaboutsecurityanduseaggressivemodepsk leads to missing...

6.3CVSS0.00148EPSS
Exploits0References4
cve
cve
added 2025/08/09 6:2 p.m.24 views

CVE-2025-8763

CVE-2025-8763 concerns Ruijie EG306MG 3.0(1)B11P309 where the strongSwan component processes the /etc/strongswan.conf file. The root cause is manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk, leading to missing encryption of sensitive data. The vulnerability can...

6.3CVSS6.9AI score0.00148EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2025/08/08 12:0 a.m.9 views

The vulnerability of the mbedtls_lms_verify() function in Mbed TLS software allows a hacker to bypass existing security restrictions.

The vulnerability of the mbedtlslmsverify function in Mbed TLS is related to the absence of a necessary encryption step. Exploiting this vulnerability could allow attackers to circumvent existing security restrictions...

4.9CVSS5.5AI score0.00125EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2025/08/01 12:0 a.m.8 views

The vulnerability of the device management platform for systems related to heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, as well as the Niagara Enterprise Security tools for access control and security, stems from the absence of necessary encryption steps. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the device management platform for systems for heating, ventilation, and air conditioning, lighting, and energy consumption, as well as the Niagara Framework and the access control and security measures, is related to the absence of the necessary encryption step. Exploiting...

10CVSS5.8AI score0.00318EPSS
Exploits0References5Affected Software2
ibm
ibm
added 2025/07/23 8:2 a.m.4 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-33020

Summary IBM Engineering Systems Design Rhapsody was vulnerable to transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information. Vulnerability Details CVEID:CVE-2025-33020 DESCRIPTION: IBM Engineering Systems Design Rhapsody transmits...

7.5CVSS5.7AI score0.00101EPSS
Exploits0Affected Software1
Rows per page
Query Builder