Lucene search
K

1455 matches found

Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.10 views

PT-2026-5694

A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption PBE key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key. Note: The vulnerability is only triggered duri...

7.1CVSS5.5AI score0.00148EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.9 views

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from weaknesses in the Web interface’s application layer encryption. It could allow adjacent attackers to brute-force the weak AES key and...

8.8CVSS5.8AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 9:36 p.m.4 views

CVE-2025-58740 Hardcoded Encryption Key Enables Database Credential Access in Milner ImageDirector Capture

The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from...

8.5CVSS5.4AI score0.00065EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.6 views

PT-2026-3665

Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9 through 7.6.3.25808 Description The software uses a hard-coded encryption key within the Password function in C2SGlobalSettings.dll on Windows. A local attacker can exploit this to decrypt database...

8.5CVSS5.5AI score0.00065EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/19 5:58 p.m.3 views

CVE-2026-23833

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

6.3CVSS5.5AI score0.00273EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.7 views

PT-2026-2766

Name of the Vulnerable Software and Affected Versions Windows versions affected versions not specified Windows Server versions affected versions not specified Description The issue centers around the approaching expiration of Microsoft certificates used in Windows Secure Boot, specifically those...

6.4CVSS5.9AI score0.00965EPSS
Exploits0References25
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.6 views

CVE-2023-49113

The Kiuwan Local Analyzer KLA Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

7.8CVSS6.9AI score0.00178EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.3 views

CVE-2021-41829

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key...

7.5CVSS6.9AI score0.03108EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.7 views

CVE-2021-27941

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application through 4.9.2 on Android and through 4.9.1 on iOS allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring th...

4.6CVSS6.7AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.9 views

CVE-2022-0444

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key...

4.3CVSS6.9AI score0.00283EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-26660

RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used...

7.5CVSS7AI score0.00593EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.23 views

CVE-2019-18833

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure issue 2 of 2.. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An...

5.9CVSS6.9AI score0.00365EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.7 views

CVE-2019-18832

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...

8.1CVSS7AI score0.00434EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.6 views

CVE-2021-27254

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the applysave.cgi endpoint. This issue results from the use of hard-coded...

8.8CVSS7.5AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.10 views

CVE-2021-33846

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

7.2CVSS7AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:43 a.m.9 views

CVE-2022-33231

Memory corruption due to double free in core while initializing the encryption key...

9.3CVSS7.1AI score0.0008EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.10 views

CVE-2020-10884

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

8.8CVSS6.8AI score0.24495EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:32 a.m.6 views

CVE-2024-39888

A vulnerability has been identified in Mendix Encryption All versions = V10.0.0 V10.0.2. Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an...

8.7CVSS6.7AI score0.00244EPSS
Exploits0References1
NCSC
NCSC
added 2026/01/08 12:28 p.m.16 views

Vulnerabilities fixed in Hanwha camera systems

Hanwha has fixed vulnerabilities in several camera systems, including issues with XML validation, certificate validation, permissions management for guest accounts, video analytics and hard-coded encryption key. The vulnerabilities include an issue with the validation of incoming XML requests,...

9.3CVSS7.1AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.6 views

CVE-2025-1053

Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANna...

8.6CVSS6.6AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder