
791 matches found

Positive Technologies
added 2025/07/31 12:0 a.m. · 4 views

PT-2025-31579 · Hewlett Packard · Hpe Telco Network Function Virtual Orchestrator

Name of the Vulnerable Software and Affected Versions: HPE Telco Network Function Virtual Orchestrator (affected versions not specified)
Description: A vulnerability exists in the storage policy for certain sets of encryption keys. Successful exploitation could lead to unauthorized access to...

CVSS 6 · AI score 6.6 · EPSS 0.00082
Exploits 0 · References 5
CNNVD
added 2025/07/23 12:0 a.m. · 3 views

HP Poly Clariti Manager security vulnerability

HP Poly Clariti Manager is centralized management, control, and optimization software for video conferencing infrastructure from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP Poly Clariti Manager versions prior to 10.12.1, which stems from a vulnerability that...

CVSS 5.9 · AI score 6.5 · EPSS 0.00149
Exploits 0 · References 2
Snyk
added 2025/07/09 4:49 p.m. · 3 views

Credential Exposure

Overview: Affected versions of this package are vulnerable to Credential Exposure in the storage of sensitive data in config.xml files on the controller. An attacker can obtain confidential API keys and encryption keys by gaining Item/Extended Read permission or accessing the controller file syste...

CVSS 6.8 · AI score 6.8 · EPSS 0.0013
Exploits 0 · References 2
Snyk
added 2025/07/09 4:49 p.m. · 4 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where DiveCloud API Keys and Credentials Encryption Keys are displayed in plain text. An attacker can obtain sensitive authentication information by viewing the exposed...

CVSS 6.5 · AI score 6.8 · EPSS 0.00175
Exploits 0 · References 2
OSV
added 2025/07/09 4:15 p.m. · 4 views

CVE-2025-53671

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 6.5 · AI score 5.8 · EPSS 0.00175
Exploits 0 · References 2
CVE
added 2025/07/09 3:39 p.m. · 25 views

CVE-2025-53671

CVE-2025-53671 affects Jenkins Nouvola DiveCloud Plugin (versions 1.08 and earlier). The root cause is that DiveCloud API keys and Credentials Encryption Keys are displayed on the job configuration form and not masked, enabling observers with appropriate access to view them. Impact is exposure of...

CVSS 6.5 · AI score 6.5 · EPSS 0.00175
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/07/09 12:0 a.m. · 4 views

PT-2025-28923 · Jenkins · Jenkins Nouvola Divecloud Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions 1.08 and earlier
Description: The Jenkins Nouvola DiveCloud Plugin does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, potentially allowing...

CVSS 6.8 · AI score 6.2 · EPSS 0.00175
Exploits 0 · References 6
CNNVD
added 2025/07/03 12:0 a.m. · 2 views

ABB RMC-100 security vulnerability

The ABB RMC-100 is a remote modular controller from ABB Switzerland. It is capable of managing automation, liquid and gas measurements, and asset data centralization for large production and transmission facilities. A security vulnerability exists in the ABB RMC-100 that stems from the use of hard-coded...

CVSS 6.3 · AI score 6.5 · EPSS 0.00228
Exploits 0 · References 1
CNNVD
added 2025/06/16 12:0 a.m. · 3 views

Pure Storage FlashArray security vulnerability

Pure Storage FlashArray is an all-QLC flash storage array from Pure Storage, Inc. A security vulnerability exists in Pure Storage FlashArray that originates from logging key encryption keys during key rotation, which could lead to information disclosure...

CVSS 5.1 · AI score 6.4 · EPSS 0.00186
Exploits 0 · References 2
RedhatCVE
added 2025/06/08 4:1 p.m. · 11 views

CVE-2025-5749

WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this...

CVSS 8.8 · AI score 6.3 · EPSS 0.00171
Exploits 0 · References 1
NVD
added 2025/06/06 4:15 p.m. · 14 views

CVE-2025-5749

WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this...

CVSS 8.8 · EPSS 0.00171
Exploits 0 · References 1
Cvelist
added 2025/06/06 3:30 p.m. · 13 views

CVE-2025-5749 WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability

WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this...

CVSS 6.3 · EPSS 0.00171
Exploits 0 · References 1
Vulnrichment
added 2025/06/06 3:30 p.m. · 6 views

CVE-2025-5749 WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability

WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this...

CVSS 6.3 · AI score 6.6 · EPSS 0.00171
Exploits 0 · References 1
CVE
added 2025/06/06 3:30 p.m. · 60 views

CVE-2025-5749

The CVE-2025-5749 issue affects WOLFBOX Level 2 EV Charger devices, specifically the BLE communication path. The root cause is an uninitialized variable in the handling of cryptographic keys used in vendor-specific encrypted communications, enabling authentication bypass for network-adjacent atta...

CVSS 8.8 · AI score 6.8 · EPSS 0.00171
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/05/25 12:0 a.m. · 2 views

PerfreeBlog security vulnerability

PerfreeBlog is an open-source, Java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which stems from the use of hard-coded encryption keys...

CVSS 8.1 · AI score 4.8 · EPSS 0.0062
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 10:47 a.m. · 9 views

CVE-2024-47127

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...

CVSS 6.5 · AI score 6.9 · EPSS 0.00112
Exploits 0
RedhatCVE
added 2025/05/23 10:47 a.m. · 8 views

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...

CVSS 6.5 · AI score 6.8 · EPSS 0.00136
Exploits 0
RedhatCVE
added 2025/05/23 9:46 a.m. · 5 views

CVE-2024-25679

In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation...

CVSS 6.5 · AI score 6.8 · EPSS 0.00254
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:1 a.m. · 9 views

CVE-2024-29941

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption...

CVSS 8 · AI score 7.2 · EPSS 0.00113
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 7:39 a.m. · 3 views

CVE-2024-31415

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encrypti...

CVSS 8.1 · AI score 7 · EPSS 0.0012
Exploits 0 · References 1