CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

NVD•added 2026/01/26 10:16 a.m.•3 views

CVE-2025-59107

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5CVSS0.00024EPSS

Exploits0References3

EUVD•added 2026/01/26 10:6 a.m.•4 views

EUVD-2025-206367

8.5CVSS5.9AI score0.00024EPSS

Exploits0References3

Cvelist•added 2026/01/26 10:6 a.m.•32 views

CVE-2025-59107 Static Firmware Encryption Password in dormakaba access manager

8.5CVSS0.00024EPSS

Exploits0References3

CVE•added 2026/01/26 10:6 a.m.•4 views

CVE-2025-59107

Dormakaba’s FWServiceTool uses an encrypted ZIP to deliver firmware for Access Managers. A static password is embedded to decrypt and extract the firmware, and this password has been valid across multiple firmware versions. This enables local access to firmware content, affecting confidentiality ...

8.5CVSS5.9AI score0.00024EPSS

Exploits0References3

Positive Technologies•added 2026/01/26 12:0 a.m.•3 views

PT-2026-4757

8.5CVSS5.9AI score0.00024EPSS

Exploits0References4

The Hacker News•added 2025/11/11 3:44 p.m.•4 views

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard...

6.8AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2004-2340

Malware in sbrugna...

5CVSS6.4AI score0.00763EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-13515

Malware in sbrugna...

7.5CVSS7.5AI score0.00639EPSS

Exploits0References3

Veracode•added 2023/02/17 7:54 a.m.•32 views

Improper Signature Validation

Zip4j is vulnerable to Improper Signature Validation. The vulnerability is due to improper AES Message Authentication Code MAC validation when the MAC signature got corrupted in an encrypted ZIP archive. This flaw can result in an attacker modifying the archive without the library detecting the...

5.9CVSS6.1AI score0.00261EPSS

Exploits1References11Affected Software1

Hacker One•added 2020/12/27 8:52 a.m.•40 views

h1-ctf: [ Hacky Holidays CTF ] Completely taken down the Grinch Networks

Day 1 - Robot flag We're presented with sample ui page without any function. So I guessed content discovery is the best way to find flag. And robots.txt came to my mind and found the flag. https://hackyholidays.h1ctf.com/robots.txt Response User-agent: Disallow: /s3cr3t-ar3a Flag:...

6.8AI score

Exploits0

HackRead•added 2020/08/10 4:3 p.m.•17 views

Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file

By Waqas An investor had locked $300k worth of Bitcoin in an encrypted Zip file and forgot its password. This is a post from HackRead.com Read the original post: Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file...

1.1AI score

Exploits0

NVD•added 2019/01/18 6:29 p.m.•7 views

CVE-2019-3908

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...

7.5CVSS7.9AI score0.00639EPSS

Exploits0References2

Prion•added 2019/01/18 6:29 p.m.•12 views

Hardcoded credentials

5CVSS7.8AI score0.00639EPSS

Exploits0References2Affected Software1

CVE•added 2019/01/18 6:0 p.m.•43 views

CVE-2019-3908

CVE-2019-3908 affects Premisys Identicard v3.1.190 where backups are stored as encrypted zip files with a hard-coded, non-changeable password, enabling decrypting backups if accessible. The ICSA/ICS-CERT advisory confirms the vulnerability class and that versions prior to 4.2 are affected; mitiga...

7.5CVSS7.5AI score0.00639EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2019/01/18 12:0 a.m.•1 views

PT-2019-16763 · Premisys · Premisys Identicard

Name of the Vulnerable Software and Affected Versions: Premisys Identicard version 3.1.190 Description: The issue concerns the storage of backup files as encrypted zip files with a hard-coded and unchangeable password. This allows an attacker with access to these backups to decrypt them and obtai...

7.5CVSS7.5AI score0.00639EPSS

Exploits0References3

CVE•added 2005/08/16 4:0 a.m.•45 views

CVE-2004-2348

CVE-2004-2348 affects Sybari AntiGen for Domino 7.0 Build 722 SR2. The vulnerability allows remote attackers to cause a denial of service (hang) by processing an encrypted ZIP file with the “include full path info” option, as observed in variants of the Beagle/Bagle worm. The available documents ...

5CVSS7AI score0.00763EPSS

Exploits0References4Affected Software1

Cvelist•added 2005/08/16 4:0 a.m.•13 views

CVE-2004-2348

Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service hang via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm...

6.7AI score0.00763EPSS

Exploits0References4

NVD•added 2004/12/31 5:0 a.m.•10 views

CVE-2004-2348

5CVSS6.7AI score0.00763EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by