12 matches found
EUVD-2025-20193
Malicious code in bioql PyPI...
CVE-2025-41672
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices...
CVE-2025-41672
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices...
WAGO Device Sphere Security Vulnerability
WAGO Device Sphere is a device management system from WAGO Germany. A security vulnerability exists in WAGO Device Sphere, which can be exploited by a remote, unauthenticated attacker to generate a JWT token using default certificates to gain full access...
PT-2025-28136
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. Recommendations: At the moment, there is no...
CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...
CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...
PT-2024-38279 · Progress · Openedge
Name of the Vulnerable Software and Affected Versions: OpenEdge affected versions not specified Description: The issue concerns the bypassing of host name validation for TLS certificates when using the installed OpenEdge default certificates to perform the TLS handshake for a networked connection...
SpliceCom Maximiser Soft PBX Security Breach
SpliceCom Maximiser Soft PBX is an IP phone. A security vulnerability exists in SpliceCom Maximiser Soft PBX version 1.5 and earlier, which stems from the use of default SSL certificates...
CVE-2019-3710
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to...
Cisco Elastic Services Controller Unauthorized Access Vulnerability
Cisco Elastic Services Controller (ESC) is an open source modular system from Cisco USA. A security vulnerability exists in Play Framework in Cisco ESC versions prior to 2.3.1.434 and prior to 2.3.2, which stems from the use of static default certificates in the Cisco ESC UI. A remote attacker coul...
Unspecified Vulnerability in Barracuda Networks Web Filter
Barracuda Networks Web Filter is a Web security gateway from Barracuda Networks USA. The gateway supports content filtering, advanced policies, and web threat protection. A security vulnerability exists in versions prior to Barracuda Networks Web Filter 8.1.0.005, which stems from multiple device...