CVE-2025-55279

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the...

CVE-2025-55279 Hard-coded Private Key Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the...

ZKTeco WL20 信任管理问题漏洞

The ZKTeco WL20 is an intelligent fingerprint time and attendance machine from China's Entropy Base Technology ZKTeco. The ZKTeco WL20 suffers from a trust management issue vulnerability that stems from a hard-coded private key stored in the device firmware, which could allow a physical access...

Ivanti Desktop and Server Management 安全漏洞

Ivanti Desktop and Server Management Ivanti DSM is a multi-platform, unified endpoint management solution from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Desktop and Server Management versions prior to 2024.2, which stems from a hard-coded key that could allow an...

CVE-2023-21443

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

CVE-2020-9069

There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than...

PT-2025-12815 · Ibm · Ibm Spss Statistics

Name of the Vulnerable Software and Affected Versions: IBM SPSS Statistics versions 26.0 through 29.0.2 Description: The issue concerns the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For versions 26...

IBM Storage Protect 加密问题漏洞

IBM Storage Protect IBM Spectrum Protect is a backup software from International Business Machines IBM. It provides comprehensive data data disaster recovery capabilities for physical file servers, virtual environments, and various applications. IBM Storage Protect has an encryption issue...

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

PT-2024-4963 · Ibm · Ibm Datacap Navigator

Name of the Vulnerable Software and Affected Versions: IBM Datacap Navigator versions 9.1.5 through 9.1.9 Description: The issue is related to the use of weaker than expected cryptographic algorithms in IBM Datacap Navigator, which could allow an attacker to decrypt highly sensitive information...

Siemens Mendix 安全漏洞

The Mendix Encryption module takes care of the following encryption requirements: plain text encryption e.g. passwords and FileDocument encryption e.g. documents or photos. A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...

CVE-2023-38371

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 261198...

AVSystem Unified Management Platform Security Vulnerability

AVSystem Unified Management Platform is a comprehensive management platform from AVSystem designed to help enterprises, service providers and carriers manage and monitor their network devices, Internet of Things IoT devices and services. A security vulnerability exists in AVSystem Unified...

QNAP QTS / QuTS hero Vulnerability in QTS and QuTS hero (QSA-23-60)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-60 advisory. An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local networ...

CVE-2023-34971

An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following...

PT-2023-12344 · Ibm · Ibm Sterling Connect:Direct For Unix

Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Direct for UNIX version 1.5 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM...

CVE-2023-33842

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117...

JINS MEME CORE uses a hard-coded cryptographic key

Overview JINS MEME CORE provided by JINS Inc. is a nose pad type sensor attached to a glass frame. JINS MEME CORE uses a hard-coded cryptographic key CWE-321. MASAHIRO IIDA of LAC Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

Akuvox E11 安全漏洞

Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from the fact that Akuvox E11 uses hard-coded encryption keys, which could allow an attacker to decrypt sensitive information...