
1413 matches found

Positive Technologies
added 2025/12/12 12:0 a.m., 2 views

PT-2025-50939

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

6.6 AI score, 0.00053 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/12/12 12:0 a.m., 1 views

Apache StreamPark Security Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation of the United States. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...

5.9 CVSS, 6.4 AI score, 0.00061 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/12/09 12:0 a.m., 2 views

Siemens SINEMA Remote Connect Server Security Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens Germany. The platform is primarily used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server versions prior to V3...

3.3 CVSS, 8.9 AI score, 0.00012 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2025/12/08 1:44 a.m., 1 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5 CVSS, 6 AI score, 0.00041 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/12/04 12:0 a.m., 3 views

PT-2025-49179

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 2.0.0 through 2.1.6. Description: The system utilizes weak encryption keys, either fixed or derived directly from user passwords, when encrypting sensitive data. Attackers may obtain these keys through reverse...

5.9 CVSS, 6.7 AI score, 0.00061 EPSS
Exploits: 0, References: 7
GithubExploit
added 2025/12/03 4:6 p.m., 139 views

Exploit for CVE-2025-41744

Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...

9.1 CVSS, 7.3 AI score, 0.00063 EPSS
Exploits: 3
Tenable Nessus
added 2025/12/03 12:0 a.m., 5 views

RockyLinux 9 : openssl (RLSA-2025:21255)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:21255 advisory. openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230). Tenable has extracted the preceding description block directly from the RockyLinux...

7.5 CVSS, 6.5 AI score, 0.00041 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/12/02 12:0 a.m., 2 views

Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P Security Vulnerability

The Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P are both automation control and remote control devices from Sprecher Automation of Austria. A security vulnerability exists in the Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P, which stems from the us...

9.8 CVSS, 6.6 AI score, 0.00157 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/02 12:0 a.m., 2 views

Sprecherautomation Sprecher SPRECON-E Security Vulnerability

Sprecherautomation Sprecher SPRECON-E is a service package application from Sprecherautomation Austria that provides operational consulting, planning, development, engineering and equipment site installation, commissioning and operator training. A security vulnerability exists in Sprecherautomati...

9.1 CVSS, 6.4 AI score, 0.00063 EPSS
Exploits: 3, References: 1
CNNVD
added 2025/11/21 12:0 a.m., 5 views

RNP Security Vulnerability

RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP version 0.18.0 that stems from an uninitialized symmetric session key used in PKESK packets, which could lead to a complete breach of confidentiality...

8.7 CVSS, 6.3 AI score, 0.00043 EPSS
Exploits: 0, References: 9
Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: corosync (TSSA-2025:0287)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0287 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8 CVSS, 7.2 AI score, 0.00157 EPSS
Exploits: 1, References: 2
RustSec
added 2025/11/07 12:0 p.m., 3 views

Underflow in aes_key_unwrap function

The aes_key_unwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...

5.3 CVSS, 6.9 AI score, 0.00166 EPSS
Exploits: 0, Affected Software: 1
CNNVD
added 2025/11/03 12:0 a.m., 1 views

PHPGurukul News Portal Security Vulnerability

News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...

8.1 CVSS, 5.1 AI score, 0.00067 EPSS
Exploits: 1, References: 5
IBM Security Bulletins
added 2025/10/27 4:16 p.m., 1 views

Security Bulletin: Sensitive Key Exposure in Snowflake JDBC Driver Logging (Versions 3.0.13 – 3.23.0), affects watsonx.data

Summary: Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side...

3.3 CVSS, 6.7 AI score, 0.00114 EPSS
Exploits: 0, Affected Software: 1
EUVD
added 2025/10/27 3:30 p.m., 3 views

EUVD-2025-36186

StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens...

7.5 CVSS, 6.7 AI score, 0.00045 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/10/27 12:0 a.m., 3 views

CVE-2025-52268

StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens...

0.00045 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-43959

Name of the Vulnerable Software and Affected Versions: StarCharge Artemis AC Charger version 1.0.4. Description: The StarCharge Artemis AC Charger version 1.0.4 contains a hardcoded AES key. This allows attackers to forge or decrypt valid login tokens. Recommendations: At the moment, there is no...

7.5 CVSS, 6.5 AI score, 0.00045 EPSS
Exploits: 0, References: 5
NVD
added 2025/10/24 11:15 p.m., 4 views

CVE-2025-34500

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

7 CVSS, 0.00018 EPSS
Exploits: 0, References: 4
Snyk
added 2025/10/22 10:43 p.m., 1 views

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Overview: Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator (PRNG) via the use of RandomStringUtils with the default java.util.Random PRNG. An attacker can recover sensitive information by predicting the server-side encryption key if they can obta...

5.9 CVSS, 6.7 AI score, 0.00026 EPSS
Exploits: 0, References: 2
Snyk
added 2025/10/22 10:43 p.m., 1 views

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Overview: Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator (PRNG) via the use of RandomStringUtils with the default java.util.Random PRNG. An attacker can recover sensitive information by predicting the server-side encryption key if they can obta...

5.9 CVSS, 6.7 AI score, 0.00026 EPSS
Exploits: 0, References: 2