PT-2025-14782 · Element · Element
Name of the Vulnerable Software and Affected Versions: Element X Android versions 0.4.16 through 25.03.3 Description: The issue allows an entity in control of the element.json well-known file to access media encryption keys used for an Element Call under certain conditions. Recommendations: For...
Jenkins security vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.503 and earlier and LTS 2.492.2 and earlier, which stems from a lack of...
Fortinet FortiSandbox security vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. Fortinet FortiSandbox suffers from a security vulnerability that stems from th...
DocuSnap security vulnerability
DocuSnap is an app from DocuSnap that turns mobile devices into portable scanners. Used to scan, edit, store and share documents to PDF. A security vulnerability exists in DocuSnap 13.0.1440.24261 and earlier versions, which stems from the use of hard-coded encryption keys...
CVE-2024-22588
Kwik commit 745fd4e2 does not discard unused encryption keys...
CVE-2023-6105
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...
Fortinet FortiManager security vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and the ability to group devices into different administrative domains (ADOMs) to further simplify multi-device security deployme...
CVE-2024-43378
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitio...
CVE-2024-45394
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP_BytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...
CVE-2024-53357
Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allow remote authenticated attackers, with low privileges, to 1 add an admin user via the /api/user/addalias route; 2 modify a user via the /api/user/updatealias route; 4 delete users via the /api/user/delali...
CVE-2024-53357
Summary of CVE-2024-53357 : The affected products are EasyVirt DCScope (<= 8.6.0) and EasyVirt CO2Scope (
CVE-2024-38499
CA Client Automation ITCM allows non-admin/non-root users to encrypt a string using CAF CLI and SDACMD CLI. This would allow the non-admin user to access the critical encryption keys, which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to...
CVE-2024-38499
CA Client Automation (ITCM) vulnerability CVE-2024-38499 involves improper privilege management that allows non-admin/non-root users to encrypt strings via CAF CLI and SD_ACMD CLI. This could expose encryption keys and enable credential compromise. The available fix prevents non-admin/non-root us...
CVE-2024-38499 Improper Privilege Management Vulnerability in CA Client Automation 14.5
CA Client Automation ITCM allows non-admin/non-root users to encrypt a string using CAF CLI and SDACMD CLI. This would allow the non-admin user to access the critical encryption keys, which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to...
Broadcom CA Client Automation security vulnerability
Broadcom CA Client Automation is a suite of IT asset management solutions from Broadcom USA. A security vulnerability exists in Broadcom CA Client Automation. An attacker could exploit the vulnerability to gain access to critical encryption keys...
Making sure your door access control system is secure: Top 5 things to check
Your door access control system (aka a physical access control system, or PACS, also referred to as RFID cards or ‘swipe’ cards) often has a poor reputation for being vulnerable to cloning attacks. Here’s the thing: it’s generally possible to configure your system to be very resistant to card...
Devolutions XTS.NET security vulnerability
Devolutions XTS.NET is a pure C# implementation of the XTS encryption mode from Devolutions Canada, primarily used for disk encryption. A security vulnerability exists in Devolutions XTS.NET version 2024.11.19 and earlier versions that stems from the use of non-constant time encryption operations...
mall security vulnerability
mall is an e-commerce system for macro individual developers, including a frontend mall system and a backend management system. A security vulnerability exists in mall version 1.0.3 and earlier versions, which stems from allowing the use of default encryption keys...
Cybele Software Thinfinity Workspace security vulnerability
Cybele Software Thinfinity Workspace is an integrated solution for virtualizing applications, desktops, data and accessing any host from a unified portal from Cybele Software, USA. A security vulnerability exists in Cybele Software Thinfinity Workspace versions prior to v7.0.2.113 that stems from...