7547 matches found
EUVD-2025-208943
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
CVE-2025-15605
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
CVE-2025-15605
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
CVE-2025-15605 Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
CVE-2025-15605
This CVE affects TP-Link Archer NX200, NX210, NX500, and NX600 models. The root cause is a hardcoded cryptographic key in the configuration encryption mechanism, enabling an attacker (authenticated, adjacent access) to decrypt, modify, and re-encrypt device configuration data, compromising confid...
CVE-2025-15605 Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...
Exploit for CVE-2024-51347
CVE-2024-51347: Unauthenticated Remote Code Execution in LSC I...
Harbor 安全漏洞
Harbor is an open-source registry developed by Harbor Open Source. It protects artifacts through policy-based and role-based access control, ensures that images are scanned for vulnerabilities, and signs images as trustworthy. Versions of Harbor prior to 2.15.0 have security vulnerabilities; thes...
Kalcaddle Kodbox 安全漏洞
Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. A security vulnerability exists in the kalcaddle kodbox version 1.64, which stems from the Site-level API key Handler component using hardcoded keys...
KlinikaXP Klinika XP和KlinikaXP Insertino 信任管理问题漏洞
KlinikaXP and KlinikaXP Insertino are software products developed by the Polish company KlinikaXP, used for managing medical clinics. They offer features such as appointment management, patient records, and billing processing. Previous versions of Klinika XP 5.39.01.01.01 and KlinikaXP Insertino...
PT-2026-27165
Name of the Vulnerable Software and Affected Versions TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 Description A cryptographic key that is hardcoded into the configuration mechanism allows decryption and re-encryption of device configuration data. An...
Exploit for CVE-2026-21994
CVE-2026-21994 Summary Oracle OKIT oci-designer-tool...
Malicious code in cfgmgr-sync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e3f72f18351a20c172ef8154055917c9e977fe782b32a4716faed582d67f3071 The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...
CVE-2026-33072
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
EUVD-2026-13643
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33072
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...
CVE-2026-33072
Summary. CVE-2026-33072 affects FileRise, a self-hosted web file manager/WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all crypto operations (HMAC token generation, AES config encryption, and session tokens), enabling an...
QNAP Systems QuNetSwitch 信任管理问题漏洞
QNAP Systems QuNetSwitch is a network management software developed by QNAP Systems, a company based in Taiwan, China. It provides centralized switch management and network configuration monitoring capabilities. Previous versions of QNAP Systems QuNetSwitch, such as 2.0.5.0906, had a vulnerabilit...