137 matches found
GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
CVE-2025-65998
CVE-2025-65998 affects Apache Syncope where storing user passwords in the internal database with AES can expose cleartext passwords if the AES key is hard-coded in the source. The issue occurs when the AES option is enabled; the default key value is always used, enabling an attacker with internal...
CVE-2025-60830
redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...
CVE-2025-60830
The CVE-2025-60830 entry affects redragon-erp v1.0, where a Shiro deserialization vulnerability arises from the default Shiro key. The issue enables deserialization-based impact on the application as described in multiple sources (Red Hat, NVD, CNNVD), with impact: partial integrity and low avail...
PT-2025-41265
Name of the Vulnerable Software and Affected Versions: redragon-erp version 1.0 Description: The software contains a Shiro deserialization issue stemming from the use of a default Shiro key. This could allow for unauthorized access or control of the system. Recommendations: Replace the default Shiro...
EUVD-2016-6284
Malware in sbrugna...
EUVD-2021-27986
Malicious code in bioql PyPI...
CVE-2025-55049
CVE-2025-55049: Use of a default cryptographic key (CWE-1394) with a root cause of hard-coded/public key in affected components. Concrete detail in sources identifies Baicells NEUTRINO430 LTE base stations as affected; other entries confirm the vulnerability name. Exploitation status is not provi...
CVE-2025-8300
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...
CVE-2025-8302
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...
CVE-2025-8300
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu vulnerability (CVE-2025-8300): a heap-based overflow in N6CSet_DOT11_CIPHER_DEFAULT_KEY due to inadequate validation of user data length, enabling local privilege escalation to SYSTEM after an attacker gains low-privilege code execution. Affected component...
CVE-2025-8300 Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...
PT-2025-35610
Name of the Vulnerable Software and Affected Versions: Realtek rtl81xx SDK Wi-Fi Driver rtwlanu affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the...
Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...