CVEs classified under CWE-549, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-42904 — CVSS 6.5 (medium): Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed…
CVE-2025-31728 — CVSS 5.5 (medium): Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form…
CVE-2025-31727 — CVSS 5.5 (medium): Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins…
CVE-2025-13175: Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using…
CVE-2026-3314 — CVSS 4.6 (medium): Missing password field masking vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center…
CVE-2025-64170 — CVSS 3.8 (low): sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user…
CVE-2025-30197 — CVSS 3.1 (low): Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for…
CVE-2024-10122 — CVSS 2.7 (low): A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function…
CVE-2025-0148 — CVSS 2.6 (low): Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a…