sealed-env 信息泄露漏洞

Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Summary Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without...

NervesHub security feature vulnerability

NervesHub is a software developed under open source by NervesHub for managing firmware updates of Nerves devices. Versions of NervesHub from 1.0.0 to 2.3.0 had security vulnerabilities. These vulnerabilities stemmed from the predictable and non-encrypted token format, which could lead to...

CVE-2022-27218

Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

EUVD-2025-202459

Jenkins's build authorization token is stored and displayed in plain text...

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

EUVD-2025-36655

Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files...

GHSA-4653-9Q2R-684Q Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These token can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...

EUVD-2025-36654

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files...

Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These token can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

PT-2025-44292

Name of the Vulnerable Software and Affected Versions Jenkins OpenShift Pipeline Plugin versions 1.0.57 and earlier Description The Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted within config.xml files on the Jenkins controller. These files are accessible to users...

EUVD-2025-20848

Malicious code in bioql PyPI...

EUVD-2022-6417

Malicious code in bioql PyPI...

EUVD-2022-7145

Malicious code in bioql PyPI...

EUVD-2025-20851

Malicious code in bioql PyPI...

CVE-2025-6391

Brocade ASCG before 3.3.0 logs JSON Web Tokens JWT in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure...

CVE-2025-6391

Brocade ASCG before 3.3.0 logs JSON Web Tokens JWT in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure...

Brocade ASCG 日志信息泄露漏洞

Brocade ASCG is a networking feature from Brocade USA that is primarily used to simplify SAN architecture and optimize resource utilization. A log information disclosure vulnerability exists in Brocade ASCG versions prior to 3.3.0, which originates from logging unencrypted JWT tokens in log files...