Vulnerabilities > Missing Encryption of Sensitive Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-18 | CVE-2024-23942 | A local user may find a configuration file on the client workstation with unencrypted sensitive data. | 7.1 |
| 2025-01-27 | CVE-2024-38325 | IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. | 5.9 |
| 2025-01-24 | CVE-2024-41757 | Missing Encryption of Sensitive Data vulnerability in IBM Concert Software 1.0.0/1.0.1 IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2024-10-10 | CVE-2024-47871 | Missing Encryption of Sensitive Data vulnerability in Gradio Project Gradio Gradio is an open-source Python package designed for quick prototyping. | 9.1 |
| 2024-10-02 | CVE-2024-20515 | Missing Encryption of Sensitive Data vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. | 6.5 |
| 2024-09-26 | CVE-2023-52948 | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | 5.0 |
| 2024-09-26 | CVE-2023-52950 | Missing Encryption of Sensitive Data vulnerability in Synology Active Backup for Business Agent Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. | 5.3 |
| 2024-09-04 | CVE-2024-20503 | Missing Encryption of Sensitive Data vulnerability in Cisco DUO Authentication for Epic A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. | 5.5 |
| 2024-08-22 | CVE-2024-39746 | Missing Encryption of Sensitive Data vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2024-08-19 | CVE-2024-42657 | Missing Encryption of Sensitive Data vulnerability in Nepstech Ntpl-Xpon1Gfevn Firmware 1.0 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process | 7.5 |