Lucene search

342 matches found

RedhatCVE
added 2025/05/22 8:14 a.m. · 3 views

CVE-2019-12813

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can...

5.9 CVSS · 6.9 AI score · 0.00169 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 8:3 a.m. · 4 views

CVE-2019-13022

Bond JetSelect all versions has an issue in the Java class ENCtool.jar and corresponding password generation algorithm used to set initial passwords upon first installation. It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be...

10 CVSS · 7.8 AI score · 0.00209 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 4:43 a.m. · 5 views

CVE-2019-17529

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4Atom::Inspect in Core/Ap4Atom.cpp...

7.8 CVSS · 7.1 AI score · 0.00165 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/05/22 12:51 a.m. · 5 views

CVE-2025-3480 MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability

MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this...

5.3 CVSS · 4.9 AI score · 0.00159 EPSS
Exploits 0 · References 1

GithubExploit
added 2025/05/21 3:59 a.m. · 294 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

PanOsExploitMultitool Exploitation and Post-Exploitation Multi...

9.8 CVSS · 8.8 AI score · 0.94285 EPSS
Exploits 18

CNVD
added 2025/05/20 12:0 a.m. · 2 views

IBM Security QRadar Encryption Issue Vulnerability

IBM Security QRadar is a modernized threat detection and response solution from International Business Machines IBM, Inc. designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. IBM Security QRadar version 3.12 EDR suffer...

7.5 CVSS · 6.7 AI score · 0.00048 EPSS
Exploits 0 · References 1

CNNVD
added 2025/05/18 12:0 a.m. · 2 views

Django Sso Server Encryption Issue Vulnerability

Django Sso Server is a user-friendly Django single sign-on server for calmkart individual developers. An encryption issue vulnerability exists in Django Sso Server that stems from insufficient encryption strength...

6.3 CVSS · 4.8 AI score · 0.00063 EPSS
Exploits 1 · References 5

NVD
added 2025/05/13 10:15 a.m. · 7 views

CVE-2025-24008

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System MSS All versions, SIRIUS Safety Relays 3SK2 All versions. The affected devices do not encrypt data in transit. An attacker with network access could eavesdrop the connection and retrieve sensitive information, including...

8.7 CVSS · 0.00125 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/09 11:59 a.m. · 12 views

CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

5.9 CVSS · 5.6 AI score · 0.00073 EPSS
Exploits 0 · References 3

CVE
added 2025/05/08 10:43 p.m. · 45 views

CVE-2025-27720

The CVE-2025-27720 entry concerns Pixmeo OsiriX MD Web Portal, where credential information is transmitted without encryption. This unencrypted transmission is the root cause, enabling potential credential disclosure by an attacker over the network. Documented assessments assign high risk (CVSS v...

9.3 CVSS · 7.2 AI score · 0.00064 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/05/05 12:0 a.m. · 6 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Corosync vulnerability (USN-7478-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7478-1 advisory. It was discovered that Corosync incorrectly handled certain large UDP packets. If encryption is disabled, or an attacker knows the...

9.8 CVSS · 6.8 AI score · 0.00157 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/03 1:21 a.m. · 7 views

CVE-2025-32881

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...

6.5 CVSS · 6.9 AI score · 0.00066 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/03 1:21 a.m. · 9 views

CVE-2025-32890

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

6.5 CVSS · 7.3 AI score · 0.00027 EPSS
Exploits 1 · References 1

NVD
added 2025/05/01 6:15 p.m. · 11 views

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

6.5 CVSS · 0.00025 EPSS
Exploits 0 · References 2

CVE
added 2025/05/01 12:0 a.m. · 49 views

CVE-2025-32890

CVE-2025-32890 affects goTenna Mesh devices running app 5.5.3 and firmware 1.1.12. The root cause is a custom encryption implementation without additional integrity checks, making messages malleable and potentially accessible to an attacker who can access the message. The connected documents conf...

6.5 CVSS · 7.1 AI score · 0.00027 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2025/05/01 12:0 a.m. · 4 views

PT-2025-18690 · Gotenna · Gotenna Mesh

Name of the Vulnerable Software and Affected Versions: goTenna Mesh versions 5.5.3 and firmware 1.1.12
Description: The issue concerns a custom encryption implementation without additional integrity checking mechanisms, making messages susceptible to tampering by an attacker with access to the...

6.5 CVSS · 6.2 AI score · 0.00027 EPSS
Exploits 1 · References 6

Vulnrichment
added 2025/05/01 12:0 a.m. · 5 views

CVE-2025-32881

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...

4.3 CVSS · 6.6 AI score · 0.00066 EPSS
Exploits 0 · References 2

CVE
added 2025/05/01 12:0 a.m. · 44 views

CVE-2025-32885

Affected software/hardware: goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Vulnerability: The app enables injection of custom messages into existing v1 networks via a software‑defined radio, using any GID and Callsign. Root cause/condition: exploitation in unencrypted environments or when...

6.5 CVSS · 6.9 AI score · 0.00119 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/05/01 12:0 a.m. · 9 views

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

5.3 CVSS · 0.00025 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/05/01 12:0 a.m. · 5 views

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

5.3 CVSS · 7 AI score · 0.00025 EPSS
Exploits 0 · References 2