48 matches found
CVE-2026-7874
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
EUVD-2026-40380
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
CVE-2026-7874
CVE-2026-7874 affects IBM Langflow OSS 1.0.0–1.10.0. The root cause is a weak and reversible key derivation mechanism used for at-rest encryption, which could allow an attacker to disclose all stored credentials (API keys, database passwords, OAuth tokens) if the encryption keys are compromised o...
PT-2026-53950
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations At the moment, there ...
PT-2026-52914
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage..httpx...
Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads
Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...
EUVD-2019-8534
Malware in sbrugna...
EUVD-2019-8527
Malware in sbrugna...
EUVD-2021-19561
Malware in sbrugna...
EUVD-2025-28142
Malicious code in bioql PyPI...
EUVD-2021-28235
Malicious code in bioql PyPI...
CVE-2025-10227
Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...
CVE-2025-10227
Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...
CVE-2025-10227 Lack of Encryption in Object Archive in AxxonSoft Axxon One (C-Werk) before 2.0.8
Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...
CVE-2025-10227 Lack of Encryption in Object Archive in AxxonSoft Axxon One (C-Werk) before 2.0.8
Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...
PT-2025-37046
Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions prior to 2.0.8 Description: The Object Archive component in AxxonSoft Axxon One lacks encryption of sensitive data at rest. This allows a local attacker with access to exported storage or stolen physical drives to...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via ignoreApplyConfigs. An attacker can access sensitive information, such as credentials or secrets, by retrieving unencrypted values through API calls if they have GET or LIST permissions on...
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Impact A vulnerability has been identified when using Fleet to manage Helm charts where sensitive information is passed through BundleDeployment.Spec.Options.Helm.Values may be stored in plain text. This can result in: 1. Unauthorized disclosure of sensitive data: Any user with GET or LIST...
GHSA-6H9X-9J5V-7W9H Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Impact A vulnerability has been identified when using Fleet to manage Helm charts where sensitive information is passed through BundleDeployment.Spec.Options.Helm.Values may be stored in plain text. This can result in: 1. Unauthorized disclosure of sensitive data: Any user with GET or LIST...
PT-2025-35331
Name of the Vulnerable Software and Affected Versions SUSE Fleet versions prior to v0.14.0 SUSE Fleet version v0.13.1 SUSE Fleet version v0.12.6 SUSE Fleet version v0.11.10 Description A vulnerability exists in SUSE Fleet when managing Helm charts, where sensitive information passed through...