CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

CVE-2023-33778

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their o...

CVE-2021-41588

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...

CVE-2020-9315

PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references...

CVE-2020-11684

AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage such as the bootloader...

CVE-2019-15075

An issue was discovered in iNextrix ASTPP before 4.0.1. webinterface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the rfddEw232f encryption key...

CVE-2019-18825

Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption keys which are shared across all ClickShare Base Units of models CS-100 & CSE-200...

CVE-2002-1810

D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information...

PT-2025-21936 · Undefined · Undefined

🚨 CVE-2025-190800 in Auth0 WordPress plugin allows brute force attacks on session cookies, risking unauthorized access. Update to version 5.3.0 or later and consider rotating cookie encryption keys.🔧 Read more: https://t.co/aLcSs7CcDK BruteForceAttack CyberSecurity Vulert https://t.co/3Z8lZDmI2j...

CVE-2025-47275

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...

GHSA-G98G-R7GF-2R25 Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

Overview Session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1. Applications...

The vulnerability of the AES-128-CBC encryption algorithm in the microprogramming-based router software Tenda RX2 Pro allows a hacker to disclose the protected information.

The vulnerability of the AES-128-CBC encryption algorithm in the microprogramming-based router software Tenda RX2 Pro relates to the storage of encryption keys in an open manner. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

CVE-2025-47275

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...

CVE-2025-47275

Summary: CVE-2025-47275 affects Auth0-PHP SDKs used with CookieStore across multiple Auth0 integrations (Laravel, WordPress, Symfony). Affected versions: Auth0-PHP in 8.0.0-BETA1 up to, but not including, 8.14.0. Applications using the SDK or linked Auth0 wrappers relying on it may have session c...

CVE-2025-47275 Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...

CVE-2025-47275 Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...

CVE-2025-47275 Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in...

CVE-2025-46329 Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

i-PRO Surveillance Cameras和i-PRO Recorders 安全漏洞

i-PRO Surveillance Cameras and i-PRO Recorders are both products of i-PRO Japan. i-PRO Surveillance Cameras are a line of surveillance cameras. i-PRO Recorders are a line of video recorders. A security vulnerability exists in i-PRO Surveillance Cameras and i-PRO Recorders that stems from the use ...

CVE-2025-32026

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...