
47 matches found

CNNVD
added 2026/04/08 12:0 a.m. | 2 views

Intel Core Processors Security Vulnerability

Intel Core Processors are central processing units (CPUs) in Intel Corporation's Intel Core series. Intel Core Processors have a security vulnerability that arises from the use of a default encryption key, which may lead to privilege escalation...

CVSS 6.6 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 1
Vulnrichment
added 2026/03/20 8:31 a.m. | 0 views

CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

CVSS 8.2 | AI score 5.9 | EPSS 0.00019
Exploits 1 | References 2
Cvelist
added 2026/03/20 8:31 a.m. | 17 views

CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

CVSS 8.2 | EPSS 0.00019
Exploits 1 | References 2
Vulnrichment
added 2026/02/05 9:14 p.m. | 3 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026. By default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

CVSS 3.2 | AI score 5.6 | EPSS 0.00004
Exploits 0 | References 2
CVE
added 2026/02/05 9:14 p.m. | 22 views

CVE-2026-25815

Fortinet FortiOS up to version 7.6.6 is affected: an issue in the LDAP credential encryption in device configuration files allows attackers to decrypt credentials due to a common encryption key used across all installations. The vulnerability has been observed as exploited in the wild (around 202...

CVSS 3.2 | AI score 5.4 | EPSS 0.00004
In wild | Exploits 0 | References 2
Positive Technologies
added 2026/02/05 12:0 a.m. | 3 views

PT-2026-6632

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions through 7.6.6. Description: Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...

CVSS 3.2 | AI score 5.5 | EPSS 0.00004
Exploits 0 | References 8
OSV
added 2026/01/16 2:16 a.m. | 0 views

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVSS 7.6 | AI score 5.8
Exploits 0 | References 4
Veracode
added 2025/12/13 5:0 a.m. | 3 views

Cleartext Password Disclosure

Apache Syncope is vulnerable to Cleartext Password Disclosure. The issue arises from use of a hard-coded default AES key when AES-based password storage is enabled, allowing an attacker with access to the internal database to decrypt and recover user passwords...

CVSS 7.5 | AI score 6.9 | EPSS 0.00073
Exploits 0 | References 3 | Affected Software 4
GithubExploit
added 2025/12/03 4:6 p.m. | 136 views

Exploit for CVE-2025-41744

Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...

CVSS 9.1 | AI score 7.3 | EPSS 0.00063
Exploits 3
CNNVD
added 2025/12/02 12:0 a.m. | 2 views

Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P Security Vulnerability

The Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P are both automation control and remote control devices from Sprecher Automation of Austria. A security vulnerability exists in the Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P, which stems from the us...

CVSS 9.8 | AI score 6.6 | EPSS 0.00157
Exploits 0 | References 1
CNNVD
added 2025/12/02 12:0 a.m. | 1 views

Sprecherautomation Sprecher SPRECON-E Security Vulnerability

Sprecherautomation Sprecher SPRECON-E is a service package application from Sprecherautomation Austria that provides operational consulting, planning, development, engineering and equipment site installation, commissioning and operator training. A security vulnerability exists in Sprecherautomati...

CVSS 9.1 | AI score 6.4 | EPSS 0.00063
Exploits 3 | References 1
CNVD
added 2025/10/21 12:0 a.m. | 8 views

Apache Spark Encryption Problem Vulnerability (CNVD-2025-25376)

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...

CVSS 6.5 | AI score 6.9 | EPSS 0.00099
Exploits 0 | References 1
NVD
added 2025/10/15 8:15 a.m. | 1 views

CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | EPSS 0.00099
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26461

Malware in sbrugna...

CVSS 7.2 | AI score 5.9 | EPSS 0.02836
Exploits 2 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-27521

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.00168
Exploits 0 | References 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-5248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can...

CVSS 7.2 | AI score 5.7 | EPSS 0.02836
Exploits 2 | References 2
CNNVD
added 2025/09/09 12:0 a.m. | 1 views

Baicells NEUTRINO430 Security Vulnerability

Baicells NEUTRINO430 is an LTE base station from Baicells. A security vulnerability exists in the Baicells NEUTRINO430 that stems from the use of a default encryption key and could lead to a security feature bypass...

CVSS 9.1 | AI score 6.6 | EPSS 0.00064
Exploits 0 | References 1
Packet Storm
added 2025/07/29 12:0 a.m. | 128 views

Xorux XorMon-NG 1.8 Information Disclosure

Xorux XorMon-NG versions 1.8 and below have an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read-only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...

CVSS 5.3 | AI score 6.2 | EPSS 0.00434
Exploits 2
CNNVD
added 2024/11/22 12:0 a.m. | 3 views

mall Security Vulnerability

mall is an e-commerce system for macro individual developers, including a frontend mall system and a backend management system. A security vulnerability exists in mall version 1.0.3 and earlier versions, which stems from allowing the use of default encryption keys...

CVSS 8.1 | AI score 5.3 | EPSS 0.00229
Exploits 0 | References 4
CNNVD
added 2024/08/28 12:0 a.m. | 1 views

Dell Client Platform Security Vulnerability

Dell Client Platform is a client platform from Dell USA. A security vulnerability exists in the Dell Client Platform BIOS that stems from the use of a default encryption key. An attacker could exploit the vulnerability to execute arbitrary code...

CVSS 8.2 | AI score 7.2 | EPSS 0.0001
Exploits 0 | References 2