1413 matches found
CVE-2024-29958
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption...
CVE-2024-29957
When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key...
CVE-2024-10284
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21authenticationphrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site,...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
CVE-2024-39866
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with...
PT-2025-6824
Name of the Vulnerable Software and Affected Versions Brocade SANnav affected versions not specified Description Under certain error conditions during SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a denial of service when the modem receives a registration acceptance OTA with an incorrect encryption key data IE...
CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...
WordPress Passwords Manager plugin <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key vulnerability
Missing Authorization to Authenticated Subscriber+ Add Password + Update Encryption Key vulnerability discovered by Lucio Sá in WordPress Plugin Passwords Manager versions = 1.4.8...
Fortinet FortiClient Hardcoded Encryption Key Used for Named Pipe Communication (FG-IR-24-216)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-216 advisory. - Threat actors can gain access to a plain text encryption key that is saved as part of the FortiClient services executable...
CVE-2024-41885 Hardcoding sensitive information
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...
PT-2024-29616 · Nvr · Nvr
Name of the Vulnerable Software and Affected Versions: NVR affected versions not specified Description: A security research team, Team ENVY, has discovered a flaw that allows for remote code execution on the NVR. The issue stems from a hardcoded seed string for the encryption key. The manufacture...
IBM Security Guardium Key Lifecycle Manager Log Information Disclosure Vulnerability
IBM Security Guardium Key Lifecycle Manager is an encryption key management tool from International Business Machines IBM. It centralizes, simplifies and automates the key management process. IBM Security Guardium Key Lifecycle Manager suffers from a log information disclosure vulnerability that...
IBM Security Guardium Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2025-01797)
IBM Security Guardium Key Lifecycle Manager is an encryption key management tool from International Business Machines IBM. It centralizes, simplifies and automates the key management process. IBM Security Guardium Key Lifecycle Manager suffers from an information disclosure vulnerability that ste...
IBM Security Guardium Key Lifecycle Manager 安全漏洞
IBM Security Guardium Key Lifecycle Manager is an encryption key management tool from International Business Machines IBM. It centralizes, simplifies and automates the key management process. An information vulnerability exists in IBM Security Guardium Key Lifecycle Manager, which can be exploite...
IBM Security Guardium Key Lifecycle Manager 日志信息泄露漏洞
IBM Security Guardium Key Lifecycle Manager is an encryption key management tool from International Business Machines IBM. It centralizes, simplifies and automates the key management process. IBM Security Guardium Key Lifecycle Manager suffers from a log information disclosure vulnerability that...
IBM Security Guardium Key Lifecycle Manager 安全漏洞
IBM Security Guardium Key Lifecycle Manager is an encryption key management tool from International Business Machines IBM. It centralizes, simplifies and automates the key management process. An information disclosure vulnerability exists in IBM Security Guardium Key Lifecycle Manager, which can ...
CVE-2024-55557
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...
Trellix Data Loss Prevention 安全漏洞
Trellix Data Loss Prevention Trellix DLP is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. A security vulnerability exists in Trellix Data Loss Prevention Trellix DLP version...
CVE-2024-55557
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials...