CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

PT-2026-43214

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

[SECURITY] Fedora 42 Update: keepassxc-2.7.10-4.fc42

KeePassXC is a community fork of KeePassX KeePassXC is an application for people with extremely high demands on secure personal data management. KeePassXC saves many different information e.g. user names, passwords, urls, attachemts and comments in one single database. For a better management...

EUVD-2022-24590

Malicious code in bioql PyPI...

CVE-2025-40757

A vulnerability has been identified in APOGEE PXC Series BACnet All versions, APOGEE PXC Series P2 Ethernet All versions, TALON TC Series BACnet All versions. Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to...

Siemens Apogee PXC and Talon TC Devices

SUMMARY Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a...

CVE-2025-24975 Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

CVE-2025-43925

An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data...

CVE-2022-1257

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files...

Default credentials

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOFservice.exe' and 'LaborOfficeFree.exe' located in the '%programfilesx86%\LaborOfficeFree' directory. This user ca...

CVE-2024-1344 Encrypted database credentials in LaborOfficeFree

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOFservice.exe' and 'LaborOfficeFree.exe' located in the '%programfilesx86%\LaborOfficeFree' directory. This user ca...

McAfee Agent 安全漏洞

The Mcafee McAfee Agent MA is a set of client-side components from Mcafee, Inc. that provides secure communication between ePolicy Orchestrator antivirus management platform and managed products. A security vulnerability previously existed in McAfee Agent for Linux, macOS, and Windows 5.7.6 that...

UBUNTU-CVE-2021-22170

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content...

Ivanti Workspace Control and RES One Workspace Information Disclosure Vulnerability

Ivanti Workspace Control formerly known as RES One Workspace is a set of workspace control software from the American company Ivanti. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control...

Arbitrary file deletion

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server

Challenge Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check "Perfor...

Данные из взломанного процессинга Хронопэй

Ровно неделя прошла с момента опубликования заявления группы хакеров о взломе платежной системы «Chronopay», краже массива кредитных карт http://chronoplay.livejournal.com/586.html и личных данных миллионов россиян. Поскольку официальные лица компании продолжают делать вид, что ничего не произошл...