CVE & CISA-KEV Catalog

362,600 CVEs1,630 actively exploited (KEV)AboutAPI
Active:
  • CVSS 5.9 v3·EPSS 0.1%·Fix available

    Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPT_PROXYUSERPWD) are sent without encryption, and the CONNECT target host and port for tunneled HTTPS requests are exposed. The built-in cURL handlers (GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available) accept an https:// proxy. libcurl older than 7.50.2 silently treats an https:// proxy as a plaintext http:// proxy. The TLS connection to the proxy is never established, and the proxy leg is cleartext with no error or warning. An

    Published 2026-06-23

  • CVSS 5.3 v3·EPSS 0.2%·Fix available

    Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

    Published 2026-06-10

  • CVSS 7.5 v3·EPSS 16%·No fix yet

    Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

    Published 2026-04-09

  • CVSS 7.5 v3·EPSS 0.1%·Fix available

    Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload), traffic using IPv6 is transmitted in plaintext. This occurs because the packets are encapsulated (using Geneve or VXLAN) but bypass the IPsec encryption layer. Impacted Users: users with dual-stack clusters and IPsec encryption enabled. Single-stack IPv4 or IPv6 clusters are not affected. This vulnerability is fixed in 2.4.5 and 2.5.2.

    Published 2026-04-06

  • CVSS 9.0 v3·EPSS 0.2%·No fix yet

    Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any account holder to execute arbitrary JavaScript in the Anchorr admin's browser session. The injected script calls the authenticated /api/config endpoint - which returns the full application configuration in plaintext. This allows the attacker to forge a valid Anchorr session token and gain full admin access to the dashboard with no knowledge of the admin password. The same response also exposes the API keys and tokens for every integrated service, resulting in simultaneous account takeover of the Jellyfin media server (via JELLYFIN_API_KEY), the Jellys

    Published 2026-03-20

  • CVSS 9.8 v3·EPSS 22%·Fix available

    Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

    Published 2026-03-05

  • CVSS 9.6 v3·EPSS 0.5%·Fix available

    A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

    Published 2026-03-04

  • CVSS 6.5 v3·EPSS 0.1%·Fix available

    Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.

    Published 2026-01-29

  • CVSS 7.4 v3·EPSS 0.3%·Fix available

    Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.

    Published 2026-01-22

  • CVSS 4.6 v3·EPSS 0.1%·No fix yet

    A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.

    Published 2026-01-14

  • CVSS 6.3 v3·EPSS 0.0%·No fix yet

    Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared File.This issue affects KESS Enterprise: before *.25.9.19.exe

    Published 2025-12-29

  • CVSS -·EPSS 0.1%·No fix yet

    Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint.

    Published 2025-12-13

  • CVSS 3.7 v3·EPSS 0.1%·Fix available

    When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation. This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.

    Published 2025-12-12

  • CVSS 4.6 v3·EPSS 0.1%·No fix yet

    The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet device can disassemble the device, connect over UART, and retrieve the firmware dump for analysis. Within the NVS partition they may discover the credentials of the current and previous Wi-Fi networks. This information could be used to gain unauthorized access to the victim's Wi-Fi network.

    Published 2025-12-10

  • CVSS 4.3 v3·EPSS 0.2%·No fix yet

    Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

    Published 2025-10-29

  • CVSS 4.3 v3·EPSS 0.2%·No fix yet

    Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

    Published 2025-10-29

  • CVSS 4.3 v3·EPSS 0.2%·No fix yet

    Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

    Published 2025-10-29

  • CVSS 4.3 v3·EPSS 0.2%·No fix yet

    Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

    Published 2025-10-29

  • CVSS 4.3 v3·EPSS 0.2%·No fix yet

    Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

    Published 2025-10-29

  • CVSS 8.6 v3·EPSS 0.1%·No fix yet

    An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection.

    Published 2025-10-08

  • CVSS 3.7 v3·EPSS 0.1%·Fix available

    Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. This vulnerability is fixed in 2.1.0.

    Published 2025-09-17

  • CVSS 4.6 v3·EPSS 0.1%·Fix available

    Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.

    Published 2025-09-10

  • CVSS 5.3 v3·EPSS 0.1%·No fix yet

    HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.

    Published 2025-08-28

  • CVSS 7.1 v3·EPSS 0.1%·No fix yet

    Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted.

    Published 2025-08-14

  • CVSS 4.8 v3·EPSS 0.1%·No fix yet

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information.

    Published 2025-08-12

  • CVSS 3.1 v3·EPSS 0.1%·No fix yet

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.

    Published 2025-08-12

  • CVSS 3.7 v3·EPSS 0.1%·No fix yet

    A vulnerability was found in Ruijie EG306MG 3.0(1)B11P309. It has been rated as problematic. This issue affects some unknown processing of the file /etc/strongswan.conf of the component strongSwan. The manipulation of the argument i_dont_care_about_security_and_use_aggressive_mode_psk leads to missing encryption of sensitive data. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

    Published 2025-08-09

  • CVSS 7.0 v3·EPSS 0.2%·Fix available

    pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

    Published 2025-07-31

  • CVSS 4.4 v3·EPSS 0.1%·Fix available

    A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions.

    Published 2025-07-30

  • CVSS -·EPSS 0.1%·No fix yet

    Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values.

    Published 2025-07-24

  • CVSS 5.9 v3·EPSS 0.1%·No fix yet

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.

    Published 2025-07-23

  • CVSS 5.9 v3·EPSS 0.2%·Fix available

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.

    Published 2025-07-21

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 4.3 v3·EPSS 0.2%·No fix yet

    Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

    Published 2025-07-09

  • CVSS 7.5 v3·EPSS 0.2%·Fix available

    git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.

    Published 2025-06-26

  • CVSS 5.7 v3·EPSS 0.1%·No fix yet

    An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack.

    Published 2025-06-20

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including obfuscated safety passwords.

    Published 2025-05-13

  • CVSS -·EPSS 0.1%·No fix yet

    ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application S

    Published 2025-05-12

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.

    Published 2025-03-27

  • CVSS 8.1 v3·EPSS 0.2%·No fix yet

    Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack.

    Published 2025-03-24

  • CVSS -·EPSS 0.1%·No fix yet

    The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025) with a proxy leveraging the api-go library before version 1.44.1. Other data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted.

    Published 2025-02-12

  • CVSS 5.9 v3·EPSS 0.2%·Fix available

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

    Published 2025-01-27

  • CVSS 5.9 v3·EPSS 0.3%·No fix yet

    IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

    Published 2025-01-24

  • CVSS 4.6 v3·EPSS 0.1%·No fix yet

    On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them

    Published 2025-01-10

Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.