212 matches found
CVE-2025-34234
Summary: CVE-2025-34234 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.1.102 and Application prior to 25.1.1413. Two hardcoded private keys are shipped inside application containers (printerlogic/pi, printerlogic/printer-admin-api, printercloud/pi) and stored in p...
CVE-2025-34234
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi...
PT-2025-39897
Name of the Vulnerable Software and Affected Versions: Vasion Print versions prior to 25.1.102; Vasion Print Application versions prior to 25.1.1413. Description: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application deployments contain hardcoded private keys stored in clear text...
CVE-2025-36326
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...
CVE-2025-36326 IBM Controller information disclosure
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...
CVE-2025-36326
CVE-2025-36326 affects IBM Cognos Controller 11.0.0–11.0.1 FP6 and IBM Controller 11.1.0–11.1.1. The issue arises from hardcoded cryptographic keys used to sign session cookies, enabling potential disclosure of sensitive information. The IBM security bulletin lists remediation: upgrade to IBM Cog...
PT-2025-39647
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1; IBM Controller versions 11.1.0 through 11.1.1. Description: The software uses hardcoded cryptographic keys for signing session cookies, potentially allowing an attacker to obtain sensitive...
CVE-2025-34198
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are present across...
CVE-2025-34198
CVE-2025-34198 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application where versions before 22.0.951 (Host) and 20.0.2368 (Application) include shared, hardcoded SSH host private keys (RSA, ECDSA, ED25519) embedded in the appliance image. Because the same keys are use...
CVE-2025-57174
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 uses static AES encryption keys hardcoded in the binary. These keys are identical across all...
shiro-exploit
This is a Python script for exploiting a vulnerability in Apache Shiro, a Java-based security framework. The script is designed to bypass authentication and authorization checks in Shiro, allowing an attacker to gain unauthorized access to sensitive data. The script uses the Crypto.Cipher module ...
PT-2025-37368
Name of the Vulnerable Software and Affected Versions: Siklu Communications Etherhaul 8010TX and 1200FX devices versions 7.4.0 through 10.7.3. Description: An issue exists in the rfpiped service, listening on TCP port 555, which utilizes static AES encryption keys hardcoded within the binary. These...
PT-2025-37369
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10 6 2-18707-ea552dc00b devices have a static root password...
Security vulnerability in multiple Welotec products
Welotec EG400Mk2 series and Welotec EG500Mk2 series are a series of edge IoT computing gateways from Welotec, Germany. A security vulnerability exists in several Welotec products that stems from JWT keys hardcoded in the egOS WebGUI backend, which could lead to bypassing authentication and...
CVE-2025-43483
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...