OESA-2025-2324 python-pyinstaller security update

PyInstaller bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules. Security Fixes: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices have a vulnerability (CVE-2025-60250) where BLE packet data can be decrypted using the specific key df98b715d5c6ed2b25817b6f2554124a and IV 2841ae97419c2973296a0d4bdfe19a4f. Connected sources confirm this cryptographic exposure through 2025-09-20; CVSS shows Ad...

PT-2025-39470

Name of the Vulnerable Software and Affected Versions Unitree Go2, G1, H1, and B2 devices through 2025-09-20 Description The devices decrypt Bluetooth Low Energy BLE packet data using a fixed key df98b715d5c6ed2b25817b6f2554124a and Initialization Vector IV 2841ae97419c2973296a0d4bdfe19a4f. This...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-54754 Cognex In-Sight Explorer and In-Sight Camera Firmware Use of Hard-coded Password

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device...

CVE-2025-54754 Cognex In-Sight Explorer and In-Sight Camera Firmware Use of Hard-coded Password

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device...

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

Cognex多款产品 安全漏洞

Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware are both products of Cognex Corporation, U.S.A. Cognex In-Sight Explorer is a tool that has the ability to debug and program the software of its line of smart cameras.Cognex In-Sight Camera Firmware is firmware for a range of smart...

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

CVE-2025-55112

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

CVE-2025-55112

Control-M/Agent, versions 9.0.18–9.0.20 (out-of-support) configured to use a non-default Blowfish encryption implementation rely on a hardcoded key, enabling an attacker with access to network traffic and the key to decrypt traffic between the Control-M/Agent and the Server. Root cause: hardcoded...

CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys

Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC, Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...

PT-2025-37942

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: Out-of-support versions of Control-M/Agent configured to use the non-default Blowfish cryptography algorithm utilize a hardcoded key. An attacker with network access and knowledge of...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-104 (ALASKERNEL-5.10-2025-104)

The version of kernel installed on the remote host is prior to 5.10.242-239.961. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-104 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning...

CVE-2025-7970

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise...

CVE-2024-45671

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...