
5924 matches found

Cvelist
added 2025/07/28 1:36 p.m. · 6 views

CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or...

9.3 CVSS · 0.00522 EPSS
Exploits: 1 · References: 1
CVE
added 2025/07/28 1:36 p.m. · 22 views

CVE-2025-26469

CVE-2025-26469 affects MedDream PACS Premium 7.3.3.840. Cisco Talos reports an incorrect default permissions issue in CServerSettings::SetRegistryValues. This misconfiguration allows anyone with login access to read registry-stored credentials and decrypt them using RC4 with a hardcoded key, givi...

9.8 CVSS · 6.2 AI score · 0.00522 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2025/07/28 12:00 a.m. · 2 views

MedDream PACS Premium Security Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A security bypass vulnerability exists in MedDream PACS Premium that stems from improper default permissions in the CServerSettings::SetRegistryValues function, which can be exploited by an...

9.8 CVSS · 7.3 AI score · 0.00522 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2025/07/28 12:00 a.m. · 4 views

PT-2025-31101 · Unknown · Meddream Pacs Premium

Name of the Vulnerable Software and Affected Versions: MedDream PACS Premium version 7.3.3.840 Description: An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality. A specially crafted application can decrypt credentials stored in a...

9.3 CVSS · 6.1 AI score · 0.00522 EPSS
Exploits: 1 · References: 4
RedhatCVE
added 2025/07/23 12:57 a.m. · 13 views

CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

4.6 CVSS · 7.2 AI score · 0.00294 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/07/23 12:00 a.m. · 2 views

PT-2025-33788

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7 for upstream min debug 2025 05 27 22 44 Description: A flaw exists in the Linux kernel's net/mlx5e module related to handling XFRM eXact Forwarding Path states during packet decryption. Specifically, ...

6 CVSS · 5.8 AI score · 0.00146 EPSS
Exploits: 0
SUSE Linux
added 2025/07/22 11:40 a.m. · 2 views

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...

5.9 CVSS · 7.2 AI score · 0.01114 EPSS
Exploits: 0 · References: 4
OSV
added 2025/07/22 11:40 a.m. · 2 views

SUSE-SU-2025:02464-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107)...

5.9 CVSS · 5.8 AI score · 0.01114 EPSS
Exploits: 0 · References: 3
Snyk
added 2025/07/21 4:43 p.m. · 1 view

Use of Hard-coded Cryptographic Key

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key via the use of hardcoded cryptographic key in Encryption.cs. A local attacker can obtain decrypted credentials to other servers from hMailAdmin.exe.config file and access other hMailServer admin...

8.5 CVSS · 6.7 AI score · 0.00191 EPSS
Exploits: 1 · References: 2
OSV
added 2025/07/21 4:15 p.m. · 5 views

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

4.6 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits: 1 · References: 3
NVD
added 2025/07/21 4:15 p.m. · 9 views

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

4.6 CVSS · 0.00191 EPSS
Exploits: 1 · References: 3
CVE
added 2025/07/21 12:00 a.m. · 17 views

CVE-2025-52373

The CVE-2025-52373 entry describes a vulnerability in hMailServer where a hardcoded cryptographic key in BlowFish.cpp affects versions 5.8.6 and 5.6.9-beta. This enables an attacker to decrypt passwords used for database connections from hMailServer.ini. The impact is disclosure of stored DB cred...

4.6 CVSS · 6.5 AI score · 0.00294 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2025/07/21 12:00 a.m. · 8 views

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

0.00191 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2025/07/21 12:00 a.m. · 4 views

CVE-2025-52374

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...

7.2 AI score · 0.00191 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2025/07/21 12:00 a.m. · 6 views

PT-2025-30302 · Unknown · Hmailserver

Name of the Vulnerable Software and Affected Versions: hMailServer versions 5.6.9-beta through 5.8.6 Description: The software uses a hardcoded cryptographic key in the Encryption.cs file. This allows an attacker to decrypt passwords for other servers stored in the hMailAdmin.exe.config file,...

4.6 CVSS · 6.2 AI score · 0.00191 EPSS
Exploits: 1 · References: 5
Cvelist
added 2025/07/21 12:00 a.m. · 8 views

CVE-2025-52373

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...

0.00294 EPSS
Exploits: 1 · References: 3
CNVD
added 2025/07/21 12:00 a.m. · 4 views

Ivanti Endpoint Manager Encryption Misuse Vulnerability (CNVD-2025-18155)

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. An encryption misuse vulnerability exists in Ivanti Endpoint Manager, which can be exploited by an attacker to decrypt other users' passwords...

8.4 CVSS · 6.9 AI score · 0.0019 EPSS
Exploits: 0 · References: 1
Snyk
added 2025/07/20 6:47 p.m. · 2 views

Covert Timing Channel

Overview: Affected versions of this package are vulnerable to Covert Timing Channel in block cipher padding removal. An attacker can recover plaintext data by exploiting timing discrepancies during decryption when PKCS7 padding mode is used. Remediation: Upgrade mbedtls to version 3.6.4 or higher...

6.3 CVSS · 6.9 AI score · 0.00395 EPSS
Exploits: 1 · References: 2
RedhatCVE
added 2025/07/18 8:05 p.m. · 5 views

CVE-2025-6982

Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117/V5 = 200407, and C20 V5...

6.9 CVSS · 6 AI score · 0.00252 EPSS
Exploits: 0 · References: 1
NVD
added 2025/07/16 8:15 p.m. · 8 views

CVE-2025-6982

Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117/V5 = 200407, and C20 V5 USV5260419 or EUV5260317 allows attackers to decrypt the config.xml files...

6.9 CVSS · 0.00252 EPSS
Exploits: 0 · References: 4