15 matches found
CVE-2026-35467
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials...
CVE-2025-60791
Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump an...
CVE-2025-31727
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2024-47122
In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...
MAL-2023-8479 Malicious code in rb-seatlayout-canvas (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab7073e8386662ab584a412e7d011050e505dea8df14c0e5273606bf0a823ae1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-41096 Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...
CVE-2023-41096 Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...
CVE-2023-41095 Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...
CVE-2023-41095 Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...
MAL-2022-1753 Malicious code in c42-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8027ca00119234627f73f0bfa8c651c14637dc4cc520be9342437d536aef2714 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-628 Malicious code in @tekion/fxt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b072ce8d1ab8739f20ec212021ca563a085237a3af0bca1fe04c2db72996cd5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-787 Malicious code in @xvideos/upgrade (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c474e2ed6e2c8afebb5305bbf00f42d2a76f0dab2a64e93afe1ac96ca04b285 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Magento Multiple Vulnerabilities (Nov 2018)
Magento is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:magentocommerce:magento"; if...
Microsoft Windows: System Cryptography: Force strong key protection
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winscstrongkeyprotect.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for System cryptography: Force strong key protection for user keys stored on the computer Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...