
456 matches found

Vulnrichment
added 2026/04/01 11:36 p.m. | 2 views

CVE-2026-21765 HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 0 | References 1
Packet Storm News
added 2026/04/01 12:0 a.m. | 0 views

LightGuard: Transparent WiFi Security Via Physical-Layer LiFi Key Bootstrapping

WiFi is inherently vulnerable to eavesdropping because RF signals may penetrate many physical boundaries, such as walls and floors. LiFi, by contrast, is an optical method confined to line-of-sight and blocked by opaque surfaces. We present LightGuard, a dual-link architecture built on this...

5.9 AI score
Exploits 0
Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29651

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits 0 | References 2
Veracode
added 2026/03/14 5:26 a.m. | 1 view

Information Disclosure

Glances is vulnerable to Information Disclosure. The vulnerability is due to missing access control and filtering in the /api/4/config endpoint, which returns the full configuration including sensitive data such as passwords, API tokens, and cryptographic keys...

8.7 CVSS | 5.8 AI score | 0.0667 EPSS
Exploits 1 | References 3 | Affected Software 1
The Hacker News
added 2026/02/16 6:43 p.m. | 4 views

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the...

7.3 AI score
Exploits 0
OSV
added 2026/02/06 5:16 p.m. | 2 views

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

7.8 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits 1 | References 1
NVD
added 2026/01/26 10:16 a.m. | 4 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7 CVSS | 0.00008 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/01/26 10:6 a.m. | 1 view

CVE-2025-59105 Unencrypted Flash Storage in dormakaba access manager

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7 CVSS | 5.9 AI score | 0.00008 EPSS
Exploits 0 | References 3
EUVD
added 2026/01/26 10:6 a.m. | 4 views

EUVD-2025-206374

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7 CVSS | 5.9 AI score | 0.00008 EPSS
Exploits 0 | References 3
RedhatCVE
added 2026/01/15 12:23 a.m. | 2 views

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

6.1 CVSS | 6.4 AI score | 0.00025 EPSS
Exploits 0 | References 1
NVD
added 2026/01/14 5:16 p.m. | 2 views

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

6.1 CVSS | 0.00025 EPSS
Exploits 0 | References 3
OSV
added 2026/01/14 5:16 p.m. | 2 views

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

6.1 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/01/14 12:0 a.m. | 1 view

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

6.1 AI score | 0.00025 EPSS
Exploits 0 | References 3
Cvelist
added 2026/01/14 12:0 a.m. | 14 views

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

0.00025 EPSS
Exploits 0 | References 3
CVE
added 2026/01/14 12:0 a.m. | 3 views

CVE-2025-65396

Affected product: Blurams Flare Camera (versions 24.1114.151.929 and earlier). Vulnerability cause: In the boot process, a read error from the SPI flash memory is induced by shorting a data pin to ground, allowing a physically proximate attacker to hijack the boot mechanism and gain a bootloader ...

6.1 CVSS | 6.1 AI score | 0.00025 EPSS
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2026/01/14 12:0 a.m. | 2 views

PT-2026-2919

Name of the Vulnerable Software and Affected Versions: Blurams Flare Camera versions 24.1114.151.929 and earlier. Description: A flaw exists in the boot process of the Blurams Flare Camera that allows a nearby attacker to take control of the boot mechanism and obtain a bootloader shell through the...

6.1 CVSS | 6.3 AI score | 0.00025 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2026/01/14 12:0 a.m. | 2 views

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

6.1 CVSS | 5.6 AI score | 0.00025 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/01/09 10:56 a.m. | 3 views

CVE-2022-38692

In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges...

9.8 CVSS | 7.2 AI score | 0.00191 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/01/05 12:0 a.m. | 1 view

PT-2026-1358

Name of the Vulnerable Software and Affected Versions: badkeys versions 0.0.15 and below. Description: badkeys is a tool and library used for checking cryptographic public keys for known issues. In versions 0.0.15 and below, an attacker can inject content containing ASCII control characters, such as...

5.1 CVSS | 7 AI score | 0.00016 EPSS
Exploits 1 | References 8
Packet Storm
added 2025/12/19 12:0 a.m. | 438 views

📄 Dahua TPC-AEBF5201 P2P Camera Tools - Complete Security Analysis Suite

This PHP proof-of-concept provides defensive tooling to analyze DH-P2P / Easy4IP behaviors observed during DFIR activities. It includes routines to decrypt Account1SecEData, derive device-specific cryptographic keys, and reproduce authentication code generation logic. The project is intended to...

6.8 CVSS | 7.2 AI score | 0.00038 EPSS
Exploits 1