377 matches found

CVE
added 2026/06/10 1:6 p.m., 18 views

CVE-2026-53442

CVE-2026-53442 affects Jenkins 2.567 and earlier, LTS 2.555.2 and earlier. The issue: secrets posted via config.xml are not encrypted before being stored in job config.xml files on the Jenkins controller, allowing disclosure to users with Item/Extended Read permissions or filesystem access. This ...

CVSS 5.3, AI score 5.5, EPSS 0.0019
Exploits: 0, References: 1, Affected Software: 1

Redos
added 2026/06/05 12:0 a.m., 5 views

ROS-20260605-73-0046

The vulnerability in Grafana relates to the unencrypted storage of user data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 7.5, AI score 5.4, EPSS 0.00198
Exploits: 0

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in Firefox

The login credentials saved by Firefox should be managed by the Password Manager component, which uses encryption to store files on disk. However, the username (not the password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox versions earlier than 1...

CVSS 3.3, AI score 6.1, EPSS 0.00136
Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Push notifications stored on disk in private browsing mode were not encrypted, potentially allowing the leakage of sensitive information. This vulnerability affects Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2...

CVSS 6.5, AI score 6.7, EPSS 0.00361
Exploits: 0, References: 2

OSV
added 2026/04/02 6:42 p.m., 6 views

GO-2026-4901 nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...

CVSS 9.9, AI score 5.9, EPSS 0.0028
Exploits: 1, References: 3

Positive Technologies
added 2026/04/02 12:0 a.m., 5 views

PT-2026-29944

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...

CVSS 9.9, AI score 5.9, EPSS 0.0028
Exploits: 1, References: 4

Cvelist
added 2026/03/30 5:58 p.m., 19 views

CVE-2026-33030 Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct...

CVSS 8.8, EPSS 0.0028
Exploits: 1, References: 1

CVE
added 2026/03/30 5:58 p.m., 20 views

CVE-2026-33030

CVE-2026-33030 affects nginx-ui up to version 2.3.3. An Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to access, modify, or delete resources owned by other users due to lack of user ownership checks in the base model and endpoints. Some sources (GHSA/OSV) add...

CVSS 9.9, AI score 5.9, EPSS 0.0028
Exploits: 1, References: 1, Affected Software: 1

GitLab Advisory Database
added 2026/03/30 12:0 a.m., 10 views

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys

Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a userid field, and all resource endpoints perform queries by ID without verifyin...

CVSS 9.9, AI score 5.9, EPSS 0.0028
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2026/03/26 3:16 p.m., 4 views

CVE-2026-33003

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 1

Cvelist
added 2026/03/18 3:15 p.m., 21 views

CVE-2026-33003

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

EPSS 0.00142
Exploits: 0, References: 1

CVE
added 2026/03/18 3:15 p.m., 16 views

CVE-2026-33003

CVE-2026-33003 affects Jenkins LoadNinja Plugin versions 2.1 and earlier. The underlying issue is that LoadNinja API keys are stored unencrypted in job config.xml files on the Jenkins controller. This can allow disclosure to users with Item/Extended Read permissions or anyone with access to the J...

CVSS 4.3, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/02/25 12:0 a.m., 6 views

Devolutions Server security vulnerability

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.14 contained a security vulnerability; this vulnerability stemmed from the...

CVSS 4.9, AI score 5.8, EPSS 0.00154
Exploits: 0, References: 2

Cvelist
added 2026/01/26 10:6 a.m., 25 views

CVE-2025-59105 Unencrypted Flash Storage in dormakaba access manager

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVSS 7, EPSS 0.00097
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 10:56 a.m., 5 views

CVE-2022-38665

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5, AI score 6.9, EPSS 0.00702
Exploits: 0, References: 1

Cvelist
added 2026/01/07 8:2 p.m., 23 views

CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...

CVSS 7.1, EPSS 0.00144
Exploits: 0, References: 2

Veracode
added 2025/12/23 11:21 a.m., 7 views

Sensitive Information Disclosure

Jenkins is vulnerable to Sensitive Information Disclosure. The vulnerability is due to build authorization tokens being stored unencrypted in job configuration files, which allows an attacker with extended read permissions or file system access to view and misuse these credentials...

CVSS 4.3, AI score 6.7, EPSS 0.00153
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2025/12/13 4:43 a.m., 8 views

Insertion Of Sensitive Information

Jenkins Kryptowire Plugin is vulnerable to insertion of sensitive information. The vulnerability is due to storing the Kryptowire API key in an unencrypted global configuration file, which allows an attacker with access to the Jenkins controller file system to retrieve the API key...

CVSS 6.5, AI score 5.8, EPSS 0.00259
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/12/10 5:15 p.m., 5 views

CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 6.6
Exploits: 0, References: 1

CNNVD
added 2025/12/10 12:0 a.m., 5 views

Jenkins security vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from unencrypted...

CVSS 4.3, AI score 6.3, EPSS 0.00153
Exploits: 0, References: 2