95 matches found
CVE-2025-38402
In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation fail. Command: ethto...
CVE-2025-38402
In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation fail. Command: ethto...
CVE-2022-50012
CVE-2022-50012 affects the Linux kernel on 64-bit PowerPC (powerpc/64). The root cause is that jump_label_init() is invoked in setup_feature_keys() too late, since static keys may be used by subroutines of parse_early_param(), which itself is a subroutine of early_init_devtree(). The result is th...
PT-2025-25343 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.11.0 Description: The vantage6 server has a predictable JWT secret key generation issue. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This issue...
CVE-2025-48960
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...
CVE-2024-5674
The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the checkapikey function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete...
CVE-2024-13370
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the saveaddonkeylicense function in all versions up to, and including, 1.3.3. This makes it possible fo...
CVE-2023-51840
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key...
CVE-2022-35945
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2013-0148
The Data Camouflage aka FairCom Standard Encryption algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certai...
CVE-2025-47278
Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
CVE-2025-47278 Flask uses fallback key instead of current signing key
Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
PT-2025-20926
Name of the Vulnerable Software and Affected Versions: Flask versions 3.1.0 Description: The issue arises from the incorrect handling of fallback key configuration in Flask, where the last fallback key is used for signing instead of the current signing key. This is due to Flask constructing the...
CVE-2025-31362
BizRobo! is affected by CVE-2025-31362 due to use of a hard-coded cryptographic key (CWE-321). Credentials inside robot files may be obtained if the encryption key is available. Affected product: BizRobo! all versions. Impact stated: credentials in robot files may be disclosed when the key is kno...
CVE-2025-0628 Improper Authorization in BerriAI/litellm
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
CVE-2025-27685
Vasion Print formerly PrinterLogic before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001...
CVE-2025-26849
CVE-2025-26849 affects Docusnap 13.0.1440.24261 and earlier/later versions due to a hard-coded cryptographic key. This key can be used to decrypt inventory files containing sensitive information (e.g., firewall rules). The description and connected sources confirm the root cause as a hard-coded k...
Linux Distros Unpatched Vulnerability : CVE-2016-8614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible before version 2.2.0. The aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP ke...
CVE-2025-0714
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...