Lucene search
K

139 matches found

Vulnrichment
Vulnrichment
added 2025/12/02 10:38 a.m.3 views

CVE-2025-41744 Sprecher Automation: SPRECON-E series has static default key material for TLS connections

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

9.1CVSS6.6AI score0.00366EPSS
Exploits4References1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.9 views

Arcade MCP Server Framework 信任管理问题漏洞

Arcade MCP Server Framework is an open source MCP server framework from Arcade.dev. A trust management issue vulnerability exists in Arcade MCP Server Framework versions prior to 1.5.4, which stems from hard-coding the default working key, which could lead to bypassing the authentication layer...

6.5CVSS6.6AI score0.00281EPSS
Exploits0References4
OSV
OSV
added 2025/11/24 3:30 p.m.3 views

GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

7.5CVSS6.7AI score0.00448EPSS
Exploits0References6
CVE
CVE
added 2025/11/24 1:47 p.m.42 views

CVE-2025-65998

CVE-2025-65998 affects Apache Syncope where storing user passwords in the internal database with AES can expose cleartext passwords if the AES key is hard-coded in the source. The issue occurs when the AES option is enabled; the default key value is always used, enabling an attacker with internal...

7.5CVSS6.4AI score0.00448EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/10/08 2:15 p.m.3 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

6.5CVSS5.8AI score0.00334EPSS
Exploits1References2
NVD
NVD
added 2025/10/08 2:15 p.m.21 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

6.5CVSS0.00334EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/08 12:0 a.m.4 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

7AI score0.00334EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.10 views

PT-2025-41265

Name of the Vulnerable Software and Affected Versions redragon-erp version 1.0 Description The software contains a Shiro deserialization issue stemming from the use of a default Shiro key. This could allow for unauthorized access or control of the system. Recommendations Replace the default Shiro...

6.5CVSS6.7AI score0.00334EPSS
Exploits1References5
CVE
CVE
added 2025/10/08 12:0 a.m.18 views

CVE-2025-60830

The CVE-2025-60830 entry affects redragon-erp v1.0, where a Shiro deserialization vulnerability arises from the default Shiro key. The issue enables deserialization-based impact on the application as described in multiple sources (Red Hat, NVD, CNNVD), with impact: partial integrity and low avail...

6.5CVSS7AI score0.00334EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/10/08 12:0 a.m.11 views

CVE-2025-60830

redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key...

0.00334EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-6284

Malware in sbrugna...

9.8CVSS9.4AI score0.02509EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-27986

Malicious code in bioql PyPI...

8.6CVSS8.6AI score0.01125EPSS
Exploits0References2
CVE
CVE
added 2025/09/09 6:52 p.m.13 views

CVE-2025-55049

CVE-2025-55049: Use of a default cryptographic key (CWE-1394) with a root cause of hard-coded/public key in affected components. Concrete detail in sources identifies Baicells NEUTRINO430 LTE base stations as affected; other entries confirm the vulnerability name. Exploitation status is not provi...

9.1CVSS6.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/04 8:31 p.m.13 views

CVE-2025-8300

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

8.8CVSS7.7AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/04 8:31 p.m.19 views

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

8.8CVSS7.7AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2025/09/02 8:15 p.m.6 views

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

8.8CVSS0.00137EPSS
Exploits0References1
OSV
OSV
added 2025/09/02 8:15 p.m.2 views

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

8.8CVSS6.2AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 2025/09/02 8:2 p.m.23 views

CVE-2025-8300

Realtek rtl81xx SDK Wi‑Fi Driver rtwlanu vulnerability (CVE-2025-8300): a heap-based overflow in N6CSet_DOT11_CIPHER_DEFAULT_KEY due to inadequate validation of user data length, enabling local privilege escalation to SYSTEM after an attacker gains low-privilege code execution. Affected component...

8.8CVSS7.1AI score0.00137EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/02 8:2 p.m.30 views

CVE-2025-8300 Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

8.8CVSS0.00137EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.7 views

Realtek RTL8811AU 安全漏洞

The Realtek RTL8811AU is a controller chip from Realtek Semiconductor Realtek, a Chinese company. A security vulnerability exists in the Realtek RTL8811AU that stems from insufficient validation of the N6CSetDOT11CIPHERDEFAULTKEY function, which could lead to local elevation of privilege...

7.8CVSS7.3AI score0.00137EPSS
Exploits0References2
Rows per page
Query Builder