BIT-POSTGRESQL-JDBC-DRIVER-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

Inadequate Encryption Strength

github.com/cloudflare/gokey is vulnerable to Inadequate Encryption Strength. The vulnerability is due to flawed seed decryption logic that uses only limited entropy from the initialization vector and authentication tag, which allows an attacker with access to the seed file to derive generated...

Exploit for Improper Authentication in Controlid Idsecure

CVE-2023-6329 — Control iD iDSecure Authentication Bypass !P...

CVE-2025-15574

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...

CVE-2025-15574 Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...

CVE-2025-15574

CVE-2025-15574 affects Solax Power Pocket WiFi models connected to the Solax Cloud MQTT server. The vulnerability stems from using the device registration number as the username and deriving the password from the same registration number with a proprietary XOR/transposition algorithm, enabling an...

SolaX Power Pocket 安全漏洞

SolaX Power Pocket is a monitoring data collection tool developed by SolaX Energy in China. There is a security vulnerability in SolaX Power Pocket. This vulnerability arises when the password is derived from the registration number using a proprietary XOR/transpose algorithm during connection to...

CVE-2026-24449

For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information...

EUVD-2026-5271

For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information...

CVE-2025-11187

A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service DoS by crashing the application, and in some cases, may enable arbitrary code execution...

CVE-2025-59093 Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 9300

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...

EUVD-2025-206354

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...

CVE-2025-59093 Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 9300

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, as the database passwords are derived from static random values. This vulnerability could allow attackers to derive...

PT-2026-4743

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...

CVE-2022-26964

Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded...

CVE-2025-13955

Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers...

EUVD-2025-202407

Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers...

CVE-2025-13955

CVE-2025-13955 describes a vulnerability in EZCast Pro II dongle (software version 1.17478.146) where the Wi‑Fi access point password is predictable. Attackers within Wi‑Fi range can deduce the default password from observable device identifiers, granting access to the dongle. The vulnerability i...

PT-2025-50310

Name of the Vulnerable Software and Affected Versions EZCast Pro II version 1.17478.146 Description The Access Point functionality in EZCast Pro II version 1.17478.146 has a predictable default Wi-Fi password. Attackers within Wi-Fi range can calculate the default password from observable device...