5908 matches found
CVE-2025-13399
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2026-24772
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...
CVE-2025-57796
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
CVE-2025-57796
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
CVE-2026-24772
OpenProject 17.0 introduced a synchronization server that exchanges an encrypted authentication token with the backend. The backend generates a 24-hour token, encrypted with a shared secret, which the frontend passes to the synchronization server. The synchronization server fails to validate the ...
CVE-2026-24772 OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...
CVE-2026-24772 OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...
CVE-2025-57796
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
EUVD-2025-206466
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
CVE-2025-57796
CVE-2025-57796 concerns Explorance Blue versions prior to 8.14.12 that use reversible symmetric encryption with a hardcoded static key to protect sensitive data (including user passwords and system configurations). The design allows offline decryption if encrypted data are obtained, representing ...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255576. CVE-2023-53254:...
CVE-2025-41351
Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...
CVE-2025-41351 Weak encryption on Funambol's cloud server
Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...
Explorance Blue security vulnerabilities
Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.12 contained security vulnerabilities. These vulnerabilities stemmed from the use of reversible symmetric encryption with hardcoded static keys to...
PT-2026-5175
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...
AZL-75911 CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...
CVE-2025-69421
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...