1413 matches found
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information...
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011 contains a hardcoded encryption key, enabling potential access to sensitive information (CVE-2024-55023). Affected component: easyweb (Weintek). Underlying cause: hardcoded key disclosed in description. Documented impact: confidentiality impact ...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005684)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005684 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 ext4: fixup...
Calero VeraSMART Trust Management Issue Vulnerability
Calero VeraSMART is a telephone billing software developed by the American company Calero. Versions of Calero VeraSMART prior to 2026 R1 contained a trust management vulnerability. This vulnerability stemmed from the hardcoded static AES encryption key contained in the Veramark.Framework.dll, whi...
WeRSS Security Vulnerability
WeRSS is a WeChat official account system developed by Rachel. Versions of WeRSS 1.4.8 and earlier contained security vulnerabilities. These vulnerabilities stemmed from incorrect handling of the SECRETKEY parameter in the core/auth.py file of the JWT Handler component, which could lead to the us...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026. By default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2026-25815
Fortinet FortiOS up to version 7.6.6 is affected: an issue in the LDAP credential encryption in device configuration files allows attackers to decrypt credentials due to a common encryption key used across all installations. The vulnerability has been observed as exploited in the wild (around 202...
PT-2026-6632
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions through 7.6.6. Description: Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...
CVE-2025-12679 Plain text pbe key visible in audit log during Brocade SANnav migration from 2.4.0a to 3.0.0
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The vulnerability is only triggered duri...
PT-2026-5694
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the PBE key. Note: The vulnerability is only triggered duri...
TP-Link VX800v security vulnerability
The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from weaknesses in the Web interface’s application layer encryption. It could allow adjacent attackers to brute-force the weak AES key and...
CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...
PT-2026-3665
Name of the Vulnerable Software and Affected Versions: Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808. Description: The software uses a hard-coded encryption key within the Password function in C2SGlobalSettings.dll on Windows. A local attacker can exploit this to decrypt database...
CVE-2026-23833
ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...
PT-2026-2766
Name of the Vulnerable Software and Affected Versions: Windows versions (affected versions not specified); Windows Server versions (affected versions not specified). Description: The issue centers around the approaching expiration of Microsoft certificates used in Windows Secure Boot, specifically those...