CVE-2025-40646
CVE-2025-40646 describes a Stored Cross-Site Scripting (XSS) in Energy CRM v2025 by Status Tracker Ltd. The vulnerability arises from insufficient validation of user input in a POST to /crm/create_job_submit.php, using the JobCreatedBy parameter. An attacker could craft a request that, when viewe...
CVE-2025-40646 Multiple vulnerabilities in Energy CRM by Status Tracker
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
PT-2025-40330
Name of the Vulnerable Software and Affected Versions Viday affected versions not specified Description The software exhibits a flaw that could allow an attacker to obtain sensitive customer information. This is achieved by intercepting HTTP requests and locating JWTs within the request payload...
CVE-2025-24525 Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key
Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...
CVE-2024-55017
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirecturi parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts...
PT-2025-40033
Name of the Vulnerable Software and Affected Versions Keysight Ixia Vision versions prior to 6.9.1 Description Keysight Ixia Vision contains hardcoded cryptographic material. This may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication. The...
PT-2025-40013
Name of the Vulnerable Software and Affected Versions NiceHash QuickMiner version 6.12.0 Description The software updates are performed over HTTP without validating digital signatures or hash checks. An attacker intercepting or redirecting traffic to the update URL can hijack the update process a...
Keysight Ixia Vision security vulnerability
Keysight Ixia Vision is a series of network packet brokers from Keysight Corporation (USA). A security vulnerability exists in Keysight Ixia Vision that stems from hard-coded cryptographic material, which could lead to the interception or decryption of payloads...
CVE-2025-11155 WEAK ENCODING FOR PASSWORD IN DEVICE SERVER CONFIGURATION
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
Vasion Print Virtual Appliance Host security vulnerability
Vasion Print Virtual Appliance Host is print management software from Vasion (USA). A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 22.0.1049, which stems from the fact that private and public key certificates are stored in clear text, which could lead to...
PT-2025-39833
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The credentials needed to access the device’s web server are transmitted in base64 within the HTTP headers. Base64 encoding is not a secure cipher, allowing an...
PT-2025-39880
Name of the Vulnerable Software and Affected Versions Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049; Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786 Description The Vasion Print Virtual Appliance Host and Application store a privat...
CVE-2025-10540
iMonitor EAM 9.6394 transmits client/server and monitor/server communications in plaintext with no authentication. An attacker on the network can intercept credentials, keylogger data, PII, and data in transit, and can tamper with traffic, including issuing arbitrary commands to client agents. Do...
PT-2025-39376
Name of the Vulnerable Software and Affected Versions iMonitor EAM version 9.6394 Description The software transmits communication between the EAM client agent and the EAM server, and between the EAM monitor management software and the server, in plaintext without authentication or encryption. An...
PT-2025-38759
Name of the Vulnerable Software and Affected Versions 2wcom IP-4c version 2.15.5 Description The 2wcom IP-4c device version 2.15.5 is subject to a Broken Access Control issue. Manager-level users can bypass intended access restrictions on sensitive endpoints by intercepting and modifying requests...
CVE-2025-57438
The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...
CVE-2025-34198
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are present across...