CVE-2026-50208

CVE-2026-50208 describes a vulnerability where TrustAllCerts routines bypass TLS certificate validation and are combined with hard-coded DES keys, enabling a MitM actor to decrypt network traffic. Documented impact includes high confidentiality and integrity risks with network traffic exposure; n...

EUVD-2026-34220

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle MITM actor could decrypt network traffic...

EUVD-2012-4623

Malware in sbrugna...

EUVD-2017-4274

Malware in sbrugna...

EUVD-2023-38106

Malicious code in bioql PyPI...

CVE-2025-54754 Cognex In-Sight Explorer and In-Sight Camera Firmware Use of Hard-coded Password

An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device...

Cognex多款产品 安全漏洞

Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware are both products of Cognex Corporation, U.S.A. Cognex In-Sight Explorer is a tool that has the ability to debug and program the software of its line of smart cameras.Cognex In-Sight Camera Firmware is firmware for a range of smart...

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC, Inc. simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...

CVE-2009-4295

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic...

Code injection

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...

Weidmueller Industrial WLAN 信任管理问题漏洞

Weidmueller Industrial WLAN devices is an industrial WIAN from Weidmueller, Germany. Weidmueller Industrial WLAN devices Trust Management Issue vulnerability, which stems from the use of hard-coded keys in the service agent binary, can be exploited by an attacker to decrypt captured traffic from ...

CVE-2019-5137

The Moxa AWK-3131A Series (firmware 1.13) ServiceAgent uses a hard-coded cryptographic key, enabling decryption of network traffic to/from the device. CVE-2019-5137 (CVSSv3 7.5) details the root cause and impact (confidentiality HIGH). A vendor patch is available; apply the security update from M...

CVE-2017-12735

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic...

Blue Coat ProxySG 6.5.x < 6.5.9.8 / 6.6.x < 6.6.4.1 Multiple OpenSSL Vulnerabilities

The self-reported SGOS version installed on the remote Blue Coat ProxySG device is 6.5.x prior to 6.5.9.8 or 6.6.x prior to 6.6.4.1. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - Multiple flaws exist in the aesnicbchmacsha1cipher function in file...

Microsoft XML Core Services Man-in-the-Middle Information Disclosure Vulnerability (CNVD-2015-05495)

Microsoft XML Core Services MSXML is a user to allow the use of JScript, VBScript and Visual Studio 6.0 users to develop XML-based applications , in order to interoperate with other applications that follow the XML 1.0 standard . A security vulnerability exists in Microsoft XML Core Services that...

CVE-2012-4698

Siemens RuggedCom Rugged Operating System ROS before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network...

SOL13607 - Hosts may generate weak RSA keys under low entropy conditions

A recent study, linked in the Supplemental Information section, has revealed that when a system generates new RSA keys under low-entropy conditions, such as during the first system boot, the resulting keys may not be cryptographically strong. During its first boot, the BIG-IP system generates...

CVE-2009-1473

The 1 Windows and 2 Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to a decrypt network traffi...