PT-2025-50939
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...
EUVD-2019-14711
Malware in sbrugna...
EUVD-2019-9484
Malware in sbrugna...
EUVD-2016-0915
Malware in sbrugna...
EUVD-2024-26929
Malicious code in bioql PyPI...
EUVD-2025-23308
Malicious code in bioql PyPI...
CVE-2023-4489
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access...
CVE-2019-19891
An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information...
CVE-2021-35252 Common Key Vulnerability in Serv-U FTP Server
A common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this, an encrypted value that is exposed to an attacker can be simply recovered to plaintext...
CVE-2022-34045
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...
IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2021-11361)
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from...
New Bluetooth Vulnerability Exposes Billions of Devices to Hackers
Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIA...
CVE-2019-19891
CVE-2019-19891 concerns an encryption key vulnerability in Mitel SIP-DECT wireless devices (firmware versions 8.0 and 8.1) that could allow an attacker to perform a man-in-the-middle (MITM) attack and potentially intercept sensitive information. The CVE is referenced across multiple sources (NVD,...
Mitel SIP-DECT Encryption Key Vulnerability
Mitel SIP-DECT provides organizations of all sizes with a comprehensive solution for cordless IP network-based telephony by combining Session Initiation Protocol (SIP) innovation with DECT. An encryption key vulnerability exists in Mitel SIP-DECT using firmware versions 8.1 and 8.0, which could be...
Unspecified vulnerability in ShapeShift KeepKey finite state machine
ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. An unspecified vulnerability exists in the ShapeShift KeepKey finite state machine, which stems from the program not being sufficiently authenticated. The vulnerability can be exploited to reset a portion of the encryption key t...
CVE-2017-13101
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hard-Coded Encryption Key Vulnerability
Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches are both industrial Ethernet managed switches from Red Lion Controls, USA. A hard-coded encryption key vulnerability exists in Red Lion Controls Sixnet-Managed Industrial Switches version 5.0.196 and earlier...
Advantech SUSIAccess Server Local Elevation of Privilege Vulnerability
SUSIAccess is an easy-to-use remote device management software solution. A local elevation of privilege vulnerability exists in Advantech SUSIAccess Server. The admin password is stored on the system and encrypted using a hard-coded static key in the program. An attacker can exploit the...
CVE-2015-1453
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...