CVE-2025-6995 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6995 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

PT-2025-28466 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3 Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 1 Description: The issue is related to the improper use of encryption in the agent of Ivanti Endpoint Manager. This allows a...

PT-2025-28467 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 SU3 Ivanti Endpoint Manager versions prior to 2022 SU8 Security Update 1 Description: The issue is related to the improper use of encryption in the agent of Ivanti Endpoint Manager. This allows a...

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. Ivanti Endpoint Manager suffers from a cryptographic misuse vulnerability that stems from an incorrect cryptographic implementation, which can be...

CVE-2025-6071

Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016...

CVE-2025-6071

Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016...

ABB RMC-100 安全漏洞

The ABB RMC-100 is a remote modular controller from ABB Switzerland. Capable of managing automation, liquid and gas measurements, asset data centralization for large production and transmission facilities. A security vulnerability exists in the ABB RMC-100 that stems from the use of hard-coded...

CVE-2025-34091

Rejected reason: Neither filed by Chrome nor a valid security vulnerability...

Security Bulletin: Cryptography expose cryptographic primitives and recipes

Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling loadpempkcs7certificates or loadderpkcs7certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of...

CVE-2015-20112

RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network...

CVE-2015-20112

RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network...

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step via the RLPx process. An attacker can potentially access confidential information by exploiting the use of two CTR streams that share the same key, IV, and nonce, which may allow decryption of network traffic...

CVE-2015-20112

RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network...

CVE-2015-20112

RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network...

CVE-2015-20112

CVE-2015-20112 concerns Ethereum’s RLPx 5 transport. The vulnerability arises because two CTR streams run from the same key, IV, and nonce, which could allow an adversary to decrypt traffic on a private network. Affected component: RLPx 5. Underlying issue: re-use of CTR parameters across streams...

📄 McAfee Agent 5.7.6 Insecure Storage

This script demonstrates the vulnerability in McAfee's Trellix Agent Database where attackers can retrieve and decrypt credentials from the ma.db database file. Version 5.7.6 is affected. Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit...

Trend Makers Sight Bulb Pro 加密问题漏洞

Trend Makers Sight Bulb Pro is a camera from Trend Makers, Inc. The Trend Makers Sight Bulb Pro suffers from an encryption issue vulnerability that stems from the plaintext transfer of an AES key during initial setup, which could lead to the decryption of communications and the disclosure of...

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information

Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit Author: Keenan Scott Vendor Homepage: hxxps://www.mcafee.com/ Software Download: N/A Unable to find Version: Arguments CmdletBinding param string$DbSource =...

CVE-2025-6513

Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it...