456 matches found
CVE-2025-43483
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...
Restricted Boltzmann Machine As a Probabilistic Enigma
We theoretically propose a symmetric encryption scheme based on Restricted Boltzmann Machines that functions as a probabilistic Enigma device, encoding information in the marginal distributions of visible states while utilizing bias permutations as cryptographic keys. Theoretical analysis reveals...
CVE-2025-43483
CVE-2025-43483 affects Hewlett-Packard Poly Clariti Manager prior to version 10.12.1. The issue could allow retrieval of hardcoded cryptographic keys due to the underlying vulnerability in Poly Clariti Manager components. HP has addressed the issue in the latest software update, with remediation ...
CVE-2025-43483 Poly Clariti Manager - Multiple Security Vulnerabilities
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...
CVE-2025-53770 - Zero-day exploitation in the wild of Microsoft SharePoint servers
Overview On Saturday July 19, 2025, Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution RCE vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure fro...
CBL Mariner 2.0 Security Update: libssh (CVE-2025-5372)
The version of libssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5372 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf...
AMD EPYC 安全漏洞
AMD EPYC is an x86 architecture server microprocessor product line from AMD, known as "Xiao Long" in Chinese, which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC that stems from improper register access control, which could allow a privileged attacker to gain...
CVE-2025-5749
WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this...
(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of cryptographic keys used in vendor-specific...
The Hashed Fractal Key Recovery (HFKR) Problem: from Symbolic Path Inversion to Post-Quantum Cryptographic Keys
Classical cryptographic systems rely heavily on structured algebraic problems, such as factorization, discrete logarithms, or lattice-based assumptions, which are increasingly vulnerable to quantum attacks and structural cryptanalysis. In response, this work introduces the Hashed Fractal Key...
CVE-2022-29229
CaSS is a Competency and Skills System. CaSS Library, npm:cassproject has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, whic...
CVE-2022-43917
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045...
CVE-2022-29330
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors...
CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
CVE-2020-35861
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...
CVE-2002-20002
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand, which is not a strong random number generator, for cryptographic keys...
CVE-2005-4755
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier 1 stores the private key passphrase CustomTrustKeyStorePassPhrase in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext 2 on a terminal or 3 in a...
Blockchain Offers Security Benefits – But Don't Neglect Your Passwords
Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works...
PT-2025-9109 · Minut · Minut M2
Name of the Vulnerable Software and Affected Versions: Minut M2 version 15142 Description: The issue allows physically proximate attackers to extract cryptographic keys from the internal flash of Minut M2 devices with the specified firmware version. This can be used to inject modified firmware in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42229)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42229 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer...