EUVD-2026-23760

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

CVE-2025-13053 A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle MITM attack, which may obtain the sensitive information of th...

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs such as SonarQube Access Logs, Proxy Logs, etc...

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs such as SonarQube Access Logs, Proxy Logs, etc...

CVE-2024-38460

CVE-2024-38460 affects SonarQube before 10.4 and 9.9.4 LTA. The issue is that values encrypted via Settings Encryption can be exposed in cleartext in URL parameters found in logs (e.g., access logs, proxy logs). The root cause is insecure handling of encrypted values in log output, enabling poten...

PT-2024-28016 · Sonarqube · Sonarqube

Name of the Vulnerable Software and Affected Versions: SonarQube versions prior to 10.4 SonarQube version 9.9.4 LTA and earlier Description: The issue concerns the potential exposure of encrypted values in cleartext as part of URL parameters in logs, such as SonarQube Access Logs and Proxy Logs...