
1429 matches found

Cvelist
added 2023/07/13 2:4 a.m. · 26 views

CVE-2023-3342 User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

CVSS 9.9 · AI score 9.8 · EPSS 0.06786
Exploits: 2 · References: 4

WPVulnDB
added 2023/07/12 12:0 a.m. · 39 views

User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload

The plugin uses a static encryption key and does not validate the file path when renaming profile pictures, which could allow any authenticated users, such as subscriber, to upload arbitrary files such as PHP on the server...

CVSS 9.9 · AI score 7 · EPSS 0.06786
Exploits: 2 · References: 1 · Affected Software: 1

Packet Storm
added 2023/07/12 12:0 a.m. · 296 views

WordPress User Registration 3.0.2 Arbitrary File Upload

Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...

AI score 7.1 · EPSS 0.06786
Exploits: 2

NVD
added 2023/06/27 2:15 a.m. · 8 views

CVE-2023-3371

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view...

CVSS 7.5 · AI score 6 · EPSS 0.00777
Exploits: 0 · References: 6

Prion
added 2023/06/27 2:15 a.m. · 12 views

Hardcoded credentials

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

CVSS 5 · AI score 7.5 · EPSS 0.00777
Exploits: 0 · References: 6 · Affected Software: 1

Cvelist
added 2023/06/27 1:55 a.m. · 18 views

CVE-2023-3371 EmbedPress <= 3.7.3 - Sensitive Information Exposure

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view...

CVSS 5.3 · AI score 7.7 · EPSS 0.00777
Exploits: 0 · References: 6

Positive Technologies
added 2023/06/27 12:0 a.m. · 4 views

PT-2023-24453 · WordPress · User Registration

Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.7.3 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the lock content form handler and display password form...

CVSS 7.5 · AI score 7.8 · EPSS 0.00777
Exploits: 0 · References: 10

Cvelist
added 2023/06/21 7:42 p.m. · 8 views

CVE-2023-0971 Command Authentication Bypass in Z/IP Gateway

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered...

CVSS 9.6 · AI score 9.6 · EPSS 0.0001
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/14 12:0 a.m. · 2 views

PT-2025-40717

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the iwlwifi mvm module that could lead to an array out of bounds access. This issue is related to the handling of IWL SEC WEP KEY OFFSET during key...

CVSS 7.1 · AI score 7.1 · EPSS 0.00021
Exploits: 0

OSV
added 2023/06/07 8:15 p.m. · 2 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS 5.5 · AI score 6.1 · EPSS 0.00015
Exploits: 1 · References: 1

NVD
added 2023/06/07 8:15 p.m. · 8 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS 5.5 · AI score 5.5 · EPSS 0.00015
Exploits: 1 · References: 1

ATTACKERKB
added 2023/06/07 8:15 p.m. · 0 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS 5.5 · AI score 5.8 · EPSS 0.00015
Exploits: 1 · References: 2

Prion
added 2023/06/07 8:15 p.m. · 12 views

Code injection

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS 1.7 · AI score 5.5 · EPSS 0.00015
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2023/06/07 12:0 a.m. · 10 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

AI score 5.7 · EPSS 0.00015
Exploits: 1 · References: 1

Positive Technologies
added 2023/06/07 12:0 a.m. · 2 views

PT-2023-24268 · Marval · Marval Msm

Name of the Vulnerable Software and Affected Versions: Marval MSM versions 14.19.0.12476 and earlier Description: The issue concerns the use of a static encryption key for secrets in Marval MSM. An attacker who gains access to encrypted secrets can decrypt them by using this key. Recommendations:...

CVSS 5.5 · AI score 6.8 · EPSS 0.00015
Exploits: 1 · References: 3

Vulnrichment
added 2023/06/07 12:0 a.m. · 4 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

AI score 6.9 · EPSS 0.00015
Exploits: 1 · References: 1

CVE
added 2023/06/07 12:0 a.m. · 38 views

CVE-2023-33283

CVE-2023-33283 affects Marval MSM up to version 14.19.0.12476, where a static encryption key is used to protect secrets. The underlying issue is the use of a hard-coded/static key for encryption-at-rest, enabling an attacker who gains access to encrypted secrets to decrypt them. The available sou...

CVSS 5.5 · AI score 5.5 · EPSS 0.00015
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2023/06/06 6:15 p.m. · 2 views

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

CVSS 4.6 · AI score 5.8
Exploits: 0 · References: 3

CNNVD
added 2023/06/02 12:0 a.m. · 2 views

Hitron Technologies CODA Trust Management Issue Vulnerability

Hitron Technologies CODA is a wireless router from Hitron Technologies China. The Hitron Technologies CODA suffers from a trust management issue vulnerability that arises from a hard-coded encryption or decryption key in program code. A remote attacker could use the hard-coded key to decrypt syst...

CVSS 7.2 · AI score 7.2 · EPSS 0.00375
Exploits: 0 · References: 2

OSV
added 2023/05/31 8:15 p.m. · 1 view

CVE-2023-34258

An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution...

CVSS 7.5 · AI score 7.3 · EPSS 0.01197
Exploits: 1 · References: 2