578 matches found

Positive Technologies
added 2023/10/24 12:0 a.m. · 5 views

PT-2023-23397 · Dromara · Dromara Sureness

Name of the Vulnerable Software and Affected Versions: Dromara Sureness versions prior to 1.0.8 Description: The issue is related to the use of a hardcoded key in Dromara Sureness. Recommendations: For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue...

CVSS 9.8 · AI score 9.2 · EPSS 0.00808
Exploits: 1 · References: 9

Packet Storm
added 2023/08/16 12:0 a.m. · 524 views

AudioCodes VoIP Phones Hardcoded Key

Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...

AI score 7.1 · EPSS 0.01131
Exploits: 2

Positive Technologies
added 2023/08/14 12:0 a.m. · 4 views

PT-2023-7583 · Aleos · Aleos

Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16.0 and earlier Description: The issue is related to the use of a hardcoded SSL certificate and private key in several versions of ALEOS. This could allow an attacker with access to these items to perform a man-in-the-middle...

CVSS 8.5 · AI score 6.4 · EPSS 0.00296
Exploits: 0 · References: 11

ATTACKERKB
added 2023/08/03 1:15 a.m. · 3 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 5.9 · EPSS 0.0085
Exploits: 0 · References: 3

OSV
added 2023/08/03 1:15 a.m. · 7 views

CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication...

CVSS 9.8 · AI score 5.9 · EPSS 0.0085
Exploits: 0 · References: 2

Positive Technologies
added 2023/08/03 12:0 a.m. · 9 views

PT-2023-24320 · Control Id · Idsecure

Name of the Vulnerable Software and Affected Versions: Control ID IDSecure versions 4.7.26.0 and prior Description: The issue allows attackers to sign arbitrary session tokens and bypass authentication due to the use of a hardcoded cryptographic key for signing and verifying JWT session tokens...

CVSS 9.8 · AI score 7.4 · EPSS 0.0085
Exploits: 0 · References: 4

Positive Technologies
added 2023/07/26 12:0 a.m. · 9 views

PT-2023-26960 · WordPress · Video Conferencing With Zoom

Name of the Vulnerable Software and Affected Versions: Video Conferencing with Zoom plugin for WordPress versions up to, and including, 4.2.1 Description: The issue is related to Sensitive Information Exposure due to a hardcoded encryption key in the vczapi encrypt decrypt function. This allows...

CVSS 5.3 · AI score 6.1 · EPSS 0.00322
Exploits: 0 · References: 7

OSV
added 2023/07/13 3:15 a.m. · 8 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

CVSS 9.9 · AI score 8 · EPSS 0.01454
Exploits: 2 · References: 5

OSV
added 2023/07/13 2:15 a.m. · 6 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8 · AI score 5.8 · EPSS 0.0026
Exploits: 0 · References: 2

CVE
added 2023/07/13 1:6 a.m. · 177 views

CVE-2023-34130

CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...

CVSS 9.8 · AI score 9.3 · EPSS 0.0026
In wild · Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2023/07/13 1:6 a.m. · 32 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

AI score 9.6 · EPSS 0.0026
Exploits: 0 · References: 2

Vulnrichment
added 2023/07/13 1:6 a.m. · 17 views

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

AI score 6.7 · EPSS 0.0026
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/13 12:0 a.m. · 11 views

PT-2023-24339 · WordPress · User Registration

Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.0.2 Description: The issue arises from a hardcoded encryption key and missing file type validation on the ur upload profile pic function. This allows authenticated...

CVSS 9.9 · AI score 9.6 · EPSS 0.01454
Exploits: 2 · References: 10

0day.today
added 2023/06/28 12:0 a.m. · 331 views

WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability

Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...

CVSS 9.8 · AI score 9.6 · EPSS 0.46947
Exploits: 4

OSV
added 2023/06/27 2:15 a.m. · 12 views

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lockcontentformhandler' and 'displaypasswordform' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt an...

CVSS 7.5 · AI score 5.8 · EPSS 0.00544
Exploits: 0 · References: 6

CVE
added 2023/06/01 12:0 a.m. · 61 views

CVE-2023-28937

DataSpider Servista 4.4 and earlier is affected by a vulnerability where a cryptographic key is hard-coded into ScriptRunner and ScriptRunner for Amazon SQS. If an attacker with access to a target DataSpider Servista instance can obtain a Launch Settings file, they may operate with the user’s enc...

CVSS 8.8 · AI score 8.6 · EPSS 0.00812
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2023/02/09 7:15 p.m. · 4 views

CVE-2023-21426

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN...

CVSS 5.5 · AI score 6.1 · EPSS 0.00158
Exploits: 0 · References: 1

Positive Technologies
added 2023/02/09 12:0 a.m. · 5 views

PT-2023-18193 · Smr · Smr

Name of the Vulnerable Software and Affected Versions: SMR versions prior to Jan-2023 Release 1 Description: A hardcoded AES key is used to encrypt card emulation PINs in NFC, allowing attackers to access the PIN. Recommendations: For versions prior to Jan-2023 Release 1, update to Jan-2023 Relea...

CVSS 5.5 · AI score 5.4 · EPSS 0.00158
Exploits: 0 · References: 2

Positive Technologies
added 2022/12/12 12:0 a.m. · 6 views

PT-2022-6464 · Mgt Commerce · Mgt-Commerce Cloudpanel

Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE CloudPanel version 2.2.0 Description: The issue is related to the use of a static SSL certificate with a hardcoded cryptographic key in MGT-COMMERCE CloudPanel, which is shared across every installation. This could allow a remote...

CVSS 8.1 · AI score 8 · EPSS 0.00599
Exploits: 1 · References: 11

Positive Technologies
added 2022/11/09 12:0 a.m. · 7 views

PT-2022-10357 · Kaden · Kaden Picoflux Air

Name of the Vulnerable Software and Affected Versions: Kaden PICOFLUX AiR water meter affected versions not specified Description: The issue allows an adversary to read values from the device through wireless M-Bus mode 5, utilizing a hardcoded shared key, provided they are adjacent to the device...

CVSS 6.5 · AI score 6.3 · EPSS 0.00269
Exploits: 0 · References: 3