AutomationDirect CLICK PLUS 加密问题漏洞

AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. An encryption issue vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from the use of an insecure RSA encryption algorithm implementation...

CVE-2025-42933

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of t...

CVE-2025-10080

The CVE affects the API component of running-elephant Datart up to version 1.0.0-rc3, specifically the getTokensecret function in datart/security/src/main/java/datart/security/util/AESUtil.java, which uses a hard-coded cryptographic key. The issue is remotely exploitable with high complexity; exp...

IBM Concert Software 加密问题漏洞

IBM Concert Software is an application lifecycle risk identification software from International Business Machines IBM. An encryption issue vulnerability exists in IBM Concert Software versions 1.0.0 through 1.1.0 that stems from not properly enabling HTTP Strict Transport Security, which could...

CVE-2025-9604

A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...

CVE-2025-54870

VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround thi...

CVE-2025-54870

VTun-ng (virtual tunnel over TCP/IP) contains a vulnerability in versions 3.0.17 and earlier where failure to initialize encryption modules can cause a fallback to plaintext due to insufficient error handling. The issue was introduced in 3.0.12 and fixed in 3.0.18. Remediation: upgrade to 3.0.18 ...

Endress+Hauser MEAC300-FNADE4 Information Disclosure Vulnerability (CNVD-2025-16353)

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4, which stems from the fact that all communications are not encrypted, and can be exploited by an attacker to...

CVE-2025-34099

An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidialsalesviewer.php component when password encryption is enabled a non-default configuration. The application improperly passes the HTTP Basic Authentication password directly ...

GHSA-8WP4-R84G-GCMW Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form

Jenkins Testsigma Test Plan run Plugin stores Testsigma API keys in job config.xml files on the Jenkins controller as part of its configuration. While these API keys are stored encrypted on disk, in Testsigma Test Plan run Plugin 1.6 and earlier, the job configuration form does not mask these API...

PT-2025-28532 · Microsoft · Windows Bitlocker +1

Name of the Vulnerable Software and Affected Versions: Windows BitLocker affected versions not specified Description: A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. This issue enables attackers to access...

PT-2025-28467 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3 Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 1 Description: The issue is related to the improper use of encryption in the agent of Ivanti Endpoint Manager. This allows a...

PT-2025-27789 · Microsoft · Bitlocker +1

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue concerns the lack of full volume encryption on device hard drives, such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating...

PT-2025-27788

Name of the Vulnerable Software and Affected Versions: VNC affected versions not specified Description: The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered. Recommendations: At the moment,...

CVE-2025-34091 Chrome Cookie Encryption Bypass via Padding Oracle Attack on AppBound Encryption

A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...

PT-2025-27583 · One Identity · One Identity Onelogin Active Directory Connector

Name of the Vulnerable Software and Affected Versions: One Identity OneLogin Active Directory Connector versions prior to 6.1.5 Description: The issue concerns the mishandling of DirectoryToken encryption, also known as ST-812. This problem occurred due to an error in the encryption process...

Trend Makers Sight Bulb Pro 加密问题漏洞

Trend Makers Sight Bulb Pro is a camera from Trend Makers, Inc. The Trend Makers Sight Bulb Pro suffers from an encryption issue vulnerability that stems from the plaintext transfer of an AES key during initial setup, which could lead to the decryption of communications and the disclosure of...

CVE-2014-6274

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in effectively plaintext, not encrypted as they were supposed to be. This issue affects...

CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...

CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...