MAL-2026-4581 Malicious code in idlidosa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c6cba2c58d95d705af7dc5bb1c630129127835fb1ef15d4ccf43ec2818bf632 The package is purpose-built tooling to defeat exam-proctoring / lockdown software, with multiple installer-machine integrity harms triggered when th...

PT-2025-49179

Name of the Vulnerable Software and Affected Versions Apache StreamPark versions 2.0.0 through 2.1.6 Description The system utilizes weak encryption keys, either fixed or derived directly from user passwords, when encrypting sensitive data. Attackers may obtain these keys through reverse...

PHPGurukul News Portal 安全漏洞

News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...

EUVD-2010-0259

Malware in sbrugna...

CVE-2010-0228

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key...

The vulnerability of the repository for Trusted Platform Module tpm2-tools, related to the disclosure of information, allows a perpetrator to gain access to confidential data.

The vulnerability of the repository for Trusted Platform Module tpm2-tools is related to the use of a fixed AES key for internal encryption. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential data...

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

...

UBUNTU-CVE-2021-3565

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentialit...

ZOHO ManageEngine ADSelfService Plus Information Disclosure Vulnerability

ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. An information disclosure vulnerability exists in Zoho ManageEngine ADSelfService Plus 5.x =build 5704, which stems from the product's use of a fixed encryption key to protect information, and can...

CVE-2017-17704

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode...

Arbitrary User Password Reset Vulnerability in sentcms v3.0.170127

SentCMS website management system is a simple and easy-to-use website management system created by Nanchang Tengshu Technology Co. SentCMS v3.0.170127 has an arbitrary user password reset vulnerability, which occurs because the system fixes the encryption key. An attacker can reset any user's...