Skip to main content
CVE-2025-30258 LOW POC Monitor

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify. Rated low severity (CVSS 2.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Gnupg
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-30235 LOW Monitor

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-30197 LOW PATCH Monitor

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Zoho Qengine
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2024-42176 LOW Monitor

HCL MyXalytics is affected by concurrent login vulnerability. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Dryice Myxalytics
NVD
CVSS 3.1
2.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy