Lucene search
K

25567 matches found

RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.8 views

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

8.8CVSS5.9AI score0.00151EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 9:21 p.m.8 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/01/29 7:16 p.m.4 views

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

8.8CVSS5.8AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2026/01/29 7:16 p.m.6 views

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

8.8CVSS0.00151EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/29 6:5 p.m.5 views

EUVD-2025-206515

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

7.7CVSS5.9AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/29 6:5 p.m.33 views

CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

7.7CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added 2026/01/29 6:5 p.m.12 views

CVE-2025-13399

The CVE-2025-13399 entry covers a weakness in the VX800v v1.0 web interface where the application-layer encryption uses a weak AES key. An adjacent attacker can brute-force this key to decrypt intercepted traffic without authentication. Impact is described as high for confidentiality, integrity, ...

8.8CVSS5.9AI score0.00151EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 6:5 p.m.4 views

CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

7.7CVSS5.9AI score0.00151EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 6:5 p.m.5 views

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

7.7CVSS5.9AI score0.00151EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/29 5:22 p.m.1 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
RedhatCVE
RedhatCVE
added 2026/01/29 3:19 p.m.8 views

CVE-2025-41351

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS5.9AI score0.00194EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/29 5:6 a.m.483 views

xtream-ui-security-audit

🔐 Xtream UI Security Audit & Exploitation Framework !Python...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/29 12:24 a.m.9 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
Packet Storm News
Packet Storm News
added 2026/01/29 12:0 a.m.5 views

Libgcrypt 1.12.0

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.7 views

PT-2026-5319

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

7.7CVSS5.9AI score0.00151EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.5 views

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from weaknesses in the Web interface’s application layer encryption. It could allow adjacent attackers to brute-force the weak AES key and...

8.8CVSS5.8AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.8 views

PT-2026-5323

Name of the Vulnerable Software and Affected Versions VX800v version 1.0 Description The web interface of VX800v version 1.0 transmits sensitive information over unencrypted HTTP due to missing application layer encryption. This allows a network-adjacent attacker to intercept the traffic and...

5.3CVSS5.9AI score0.00068EPSS
Exploits0References5
NVD
NVD
added 2026/01/28 8:16 p.m.6 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS0.00276EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 8:16 p.m.7 views

AZL-75648 CVE-2025-61730 affecting package msft-golang for versions less than 1.24.12-1

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS6.6AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.4 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS5.3AI score
Exploits0References4
Rows per page
Query Builder