
137 matches found

OSV
added 2025/11/24 3:30 p.m. | 3 views

GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

CVSS 7.5 | AI score 6.7 | EPSS 0.00448
Exploits: 0 | References: 6

CVE
added 2025/11/24 1:47 p.m. | 42 views

CVE-2025-65998

CVE-2025-65998 affects Apache Syncope where storing user passwords in the internal database with AES can expose cleartext passwords if the AES key is hard-coded in the source. The issue occurs when the AES option is enabled; the default key value is always used, enabling an attacker with internal...

CVSS 7.5 | AI score 6.4 | EPSS 0.00448
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/10/08 2:15 p.m. | 3 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

CVSS 6.5 | AI score 5.8 | EPSS 0.00334
Exploits: 1 | References: 2

NVD
added 2025/10/08 2:15 p.m. | 20 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

CVSS 6.5 | EPSS 0.00334
Exploits: 1 | References: 2

Cvelist
added 2025/10/08 12:0 a.m. | 9 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

EPSS 0.00334
Exploits: 1 | References: 2

Vulnrichment
added 2025/10/08 12:0 a.m. | 4 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

AI score 7 | EPSS 0.00334
Exploits: 1 | References: 2

CVE
added 2025/10/08 12:0 a.m. | 14 views

CVE-2025-60830

The CVE-2025-60830 entry affects redragon-erp v1.0, where a Shiro deserialization vulnerability arises from the default Shiro key. The issue enables deserialization-based impact on the application as described in multiple sources (Red Hat, NVD, CNNVD), with impact: partial integrity and low avail...

CVSS 6.5 | AI score 7 | EPSS 0.00334
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/10/08 12:0 a.m. | 9 views

PT-2025-41265

Name of the Vulnerable Software and Affected Versions: redragon-erp version 1.0
Description: The software contains a Shiro deserialization issue stemming from the use of a default Shiro key. This could allow for unauthorized access or control of the system.
Recommendations: Replace the default Shiro...

CVSS 6.5 | AI score 6.7 | EPSS 0.00334
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-6284

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.02509
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2021-27986

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 8.6 | EPSS 0.01089
Exploits: 0 | References: 2

CVE
added 2025/09/09 6:52 p.m. | 12 views

CVE-2025-55049

CVE-2025-55049: Use of a default cryptographic key (CWE-1394) with a root cause of hard-coded/public key in affected components. Concrete detail in sources identifies Baicells NEUTRINO430 LTE base stations as affected; other entries confirm the vulnerability name. Exploitation status is not provi...

CVSS 9.1 | AI score 6.5 | EPSS 0.00276
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/04 8:31 p.m. | 11 views

CVE-2025-8300

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

CVSS 8.8 | AI score 7.7 | EPSS 0.00137
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/04 8:31 p.m. | 17 views

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

CVSS 8.8 | AI score 7.7 | EPSS 0.00137
Exploits: 0 | References: 1

OSV
added 2025/09/02 8:15 p.m. | 2 views

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

CVSS 8.8 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 1

NVD
added 2025/09/02 8:15 p.m. | 5 views

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

CVSS 8.8 | EPSS 0.00137
Exploits: 0 | References: 1

CVE
added 2025/09/02 8:2 p.m. | 22 views

CVE-2025-8300

Realtek rtl81xx SDK Wi‑Fi Driver rtwlanu vulnerability (CVE-2025-8300): a heap-based overflow in N6CSet_DOT11_CIPHER_DEFAULT_KEY due to inadequate validation of user data length, enabling local privilege escalation to SYSTEM after an attacker gains low-privilege code execution. Affected component...

CVSS 8.8 | AI score 7.1 | EPSS 0.00137
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/02 8:2 p.m. | 27 views

CVE-2025-8300 Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

CVSS 8.8 | EPSS 0.00137
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/02 12:0 a.m. | 5 views

PT-2025-35610

Name of the Vulnerable Software and Affected Versions: Realtek rtl81xx SDK Wi-Fi Driver rtwlanu (affected versions not specified)
Description: This issue allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the...

CVSS 8.8 | AI score 8.7 | EPSS 0.00137
Exploits: 0 | References: 7

Zero Day Initiative
added 2025/09/02 12:0 a.m. | 9 views

Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 7.6 | EPSS 0.00137
Exploits: 0 | References: 1

Zero Day Initiative
added 2025/09/02 12:0 a.m. | 7 views

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 7.6 | EPSS 0.00137
Exploits: 0 | References: 1