CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

PT-2026-39193

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9560 Description An issue in the '/api/v1/report/summary/type' API endpoint allows authenticated users to perform local file inclusion, enabling the reading of arbitrary .json files on the system. Thi...

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

CVE-2026-25601

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user...

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

EUVD-1999-1085

Malware in sbrugna...

EUVD-2000-0249

Malware in sbrugna...

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

PT-2025-5976 · Audiocodes · Audiocodes One Voice Operations Center

Name of the Vulnerable Software and Affected Versions: AudioCodes One Voice Operations Center OVOC versions prior to 8.4.582 Description: An issue was discovered due to the use of a hard-coded key, allowing an attacker to decrypt sensitive data, such as passwords extracted from the topology file...

Yealink Meeting Server 安全漏洞

Yealink YeaLink Meeting Server is a distributed cloud video conferencing infrastructure from China Yealink Yealink. A security vulnerability exists in Yealink Meeting Server versions prior to V26.0.0.67, which originates from allowing an attacker to obtain static key information from a front-end ...

CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

Hongdian Router H8951-4G-ESP Security Vulnerability

The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149, which originates from the ability to unauthorizedly download a configuration backup and decrypt the contained passwords using a...

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

CVE-2023-37858

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

Design/Logic Flaw

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext...

Iagona ScrutisWeb 信任管理问题漏洞

Iagona ScrutisWeb is a security solution from the French company Iagona. A security vulnerability exists in Iagona ScrutisWeb version 2.1.37 and earlier versions. An attacker exploited the vulnerability to decrypt encrypted passwords into plaintext...

GE Digital Proficy Historian 加密问题漏洞

GE Digital Proficy Historian is a powerful tool with storage analysis and data collection capabilities from GE Digital. A security vulnerability exists in GE Digital Proficy Historian version 7.0 and later. An attacker could exploit the vulnerability to decrypt sensitive data, such as usernames a...