CVE-2025-59107

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

CVE-2025-15128 ZKTeco BioTime Endpoint safe_setting credentials storage

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...

Linux Distros Unpatched Vulnerability : CVE-2020-28086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password,...

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

CVE-2023-25184

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASI...

PT-2022-9257 · Ovarro · Ovarro Tbox

Name of the Vulnerable Software and Affected Versions: Ovarro TBox affected versions not specified Description: An attacker can decrypt the Ovarro TBox login password by capturing communication and using brute force attacks. Recommendations: At the moment, there is no information about a newer...

SalonErp SQL注入漏洞

SalonErp is a salon management software by Thomas Sparber Personal Developer. A SQL injection vulnerability exists in SalonERP 3.0.1. The vulnerability allows an attacker to inject payloads using sql parameters in SQL queries when generating reports. After successfully discovering the login...

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

CVE-2002-0706

UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function...