CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-1010023)

DISPUTED GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE...

EUVD-2020-25339

Malware in sbrugna...

EUVD-2025-22510

Malicious code in bioql PyPI...

EUVD-2022-15387

Malicious code in bioql PyPI...

EUVD-2024-31242

Malicious code in bioql PyPI...

CVE-2025-40680

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...

PT-2025-30662 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: CapillaryScope version 2.5.0 Description: The software lacks sensitive data encryption, storing proxy credentials and the JWT session token in plain text within Windows registry keys. Any authenticated local user with read access to the...

CVE-2024-7396

Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2...

CVE-2021-37050

There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2025-24849

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure...

Siemens SIMATIC S7-1500 TM MFP BIOS Missing Encryption of Sensitive Data (CVE-2022-21233)

Improper isolation of shared resources in some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2021-37050

CVE-2021-37050 corresponds to a Huawei HarmonyOS encryption issue where a component fails to properly encrypt data, potentially affecting service confidentiality. The connected sources (CNVD/CNNVD/CVELIST/NVD entries) describe a memory of an encryption vulnerability in Huawei HarmonyOS affecting ...

Schneider Electric Modicon M221 Programmable Logic Controller

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network Vendor: Schneider Electric Equipment: Modicon M221 Programmable Logic Controller Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of...

CVE-2020-5248

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...