Intel Core Processors Security Vulnerability
Intel Core Processors are central processing units (CPUs) from Intel Corporation in the Intel Core series. Intel Core Processors have a security vulnerability that arises from the use of a default encryption key, which may lead to privilege escalation...
CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key, "defaultpleasechangethiskey", is used for all cryptographic operations (HMAC token generation, AES config encryption, and session tokens), allowing any unauthenticated attacker...
CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026. By default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
CVE-2026-25815
Fortinet FortiOS up to version 7.6.6 is affected: an issue in the LDAP credential encryption in device configuration files allows attackers to decrypt credentials due to a common encryption key used across all installations. The vulnerability has been observed as exploited in the wild (around 202...
PT-2026-6632
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions through 7.6.6 Description: Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...
Cleartext Password Disclosure
Apache Syncope is vulnerable to Cleartext Password Disclosure. The issue arises from use of a hard-coded default AES key when AES-based password storage is enabled, allowing an attacker with access to the internal database to decrypt and recover user passwords...
Exploit for CVE-2025-41744
Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...
Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P Security Vulnerability
The Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P are both automation control and remote control devices from Sprecher Automation of Austria. A security vulnerability exists in the Sprecher Automation SPRECON-E-C and Sprecher Automation SPRECON-E-P, which stems from the us...
Sprecherautomation Sprecher SPRECON-E Security Vulnerability
Sprecherautomation Sprecher SPRECON-E is a service package application from Sprecherautomation Austria that provides operational consulting, planning, development, engineering and equipment site installation, commissioning and operator training. A security vulnerability exists in Sprecherautomati...
EUVD-2020-26461
Malware in sbrugna...
EUVD-2021-27521
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-5248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can...
Baicells NEUTRINO430 Security Vulnerability
Baicells NEUTRINO430 is an LTE base station from Baicells. A security vulnerability exists in the Baicells NEUTRINO430 that stems from the use of a default encryption key and could lead to a security feature bypass...
Dell Client Platform Security Vulnerability
Dell Client Platform is a client platform from Dell USA. A security vulnerability exists in the Dell Client Platform BIOS that stems from the use of a default encryption key. An attacker could exploit the vulnerability to execute arbitrary code...
Siemens Mendix Security Vulnerability
The Mendix Encryption module takes care of the following encryption requirements: plain text encryption (e.g. passwords) and FileDocument encryption (e.g. documents or photos). A hard-coded default encryption key vulnerability exists in the Siemens Mendix Encryption module, which can be exploited by ...
Baxter Welch Allyn Connex Spot Monitor Security Vulnerability
Baxter Welch Allyn Connex Spot Monitor is a monitor from Baxter, Inc. A security vulnerability exists in Baxter Welch Allyn Connex Spot Monitor versions prior to 1.52 that stems from the use of a default encryption key...
CVE-2023-34258
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution...
PT-2023-24780 · Bmc · Bmc Patrol
Name of the Vulnerable Software and Affected Versions: BMC Patrol versions prior to 22.1.00 Description: An issue was discovered where the agent's configuration can be remotely queried, containing the Patrol account password encrypted with a default AES key. This account can then be used to achie...
CVE-2021-40342 Use of default key for encryption
In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected product versions. This issue affects FOXMAN-UN product:...
CVE-2020-5248
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...