Lucene search
K

48 matches found

NVD
NVD
added 6 days ago5 views

CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40380

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 6 days ago18 views

CVE-2026-7874

CVE-2026-7874 affects IBM Langflow OSS 1.0.0–1.10.0. The root cause is a weak and reversible key derivation mechanism used for at-rest encryption, which could allow an attacker to disclose all stored credentials (API keys, database passwords, OAuth tokens) if the encryption keys are compromised o...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-53950

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations At the moment, there ...

9.1CVSS5.9AI score0.00164EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52914

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage..httpx...

8.2CVSS5.8AI score0.00129EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.5 views

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8534

Malware in sbrugna...

8.1CVSS8AI score0.00434EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-8527

Malware in sbrugna...

7.5CVSS7.5AI score0.00603EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19561

Malware in sbrugna...

5.5CVSS5.3AI score0.00239EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28142

Malicious code in bioql PyPI...

6CVSS6.5AI score0.00087EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-28235

Malicious code in bioql PyPI...

4.6CVSS5AI score0.00169EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/12 1:20 p.m.7 views

CVE-2025-10227

Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...

5.1CVSS6.3AI score0.00071EPSS
Exploits0References1
OSV
OSV
added 2025/09/10 1:15 p.m.6 views

CVE-2025-10227

Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...

4.6CVSS5.4AI score0.00071EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/10 12:39 p.m.7 views

CVE-2025-10227 Lack of Encryption in Object Archive in AxxonSoft Axxon One (C-Werk) before 2.0.8

Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...

5.1CVSS0.00071EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/10 12:39 p.m.3 views

CVE-2025-10227 Lack of Encryption in Object Archive in AxxonSoft Axxon One (C-Werk) before 2.0.8

Missing Encryption of Sensitive Data CWE-311 in the Object Archive component in AxxonSoft Axxon One C-Werk before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...

5.1CVSS5.9AI score0.00071EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.6 views

PT-2025-37046

Name of the Vulnerable Software and Affected Versions: AxxonSoft Axxon One versions prior to 2.0.8 Description: The Object Archive component in AxxonSoft Axxon One lacks encryption of sensitive data at rest. This allows a local attacker with access to exported storage or stolen physical drives to...

5.1CVSS5.8AI score0.00071EPSS
Exploits0References8
Snyk
Snyk
added 2025/08/29 8:31 p.m.2 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via ignoreApplyConfigs. An attacker can access sensitive information, such as credentials or secrets, by retrieving unencrypted values through API calls if they have GET or LIST permissions on...

8.3CVSS6.9AI score0.00217EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/29 8:31 p.m.9 views

Rancher Fleet Helm Values are stored inside BundleDeployment in plain text

Impact A vulnerability has been identified when using Fleet to manage Helm charts where sensitive information is passed through BundleDeployment.Spec.Options.Helm.Values may be stored in plain text. This can result in: 1. Unauthorized disclosure of sensitive data: Any user with GET or LIST...

7.7CVSS6.3AI score0.00217EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/29 8:31 p.m.3 views

GHSA-6H9X-9J5V-7W9H Rancher Fleet Helm Values are stored inside BundleDeployment in plain text

Impact A vulnerability has been identified when using Fleet to manage Helm charts where sensitive information is passed through BundleDeployment.Spec.Options.Helm.Values may be stored in plain text. This can result in: 1. Unauthorized disclosure of sensitive data: Any user with GET or LIST...

7.7CVSS6.3AI score0.00217EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/29 12:0 a.m.4 views

PT-2025-35331

Name of the Vulnerable Software and Affected Versions SUSE Fleet versions prior to v0.14.0 SUSE Fleet version v0.13.1 SUSE Fleet version v0.12.6 SUSE Fleet version v0.11.10 Description A vulnerability exists in SUSE Fleet when managing Helm charts, where sensitive information passed through...

9.9CVSS6.1AI score0.10543EPSS
Exploits21References58
Rows per page
Query Builder