Lucene search
+L

27 matches found

CVE
CVE
added 2 days ago7 views

CVE-2026-47085

CVE-2026-47085 affects Cyrus IMAPD (up to 3.12.2). The flaw: URLAUTH token forgery via a missing mboxkey, allowing an attacker who knows a folder name the user never authorized to forge a valid URLAUTH by computing an HMAC-SHA1 with a predictable key, granting read access to the mailbox. Impact i...

4CVSS6.1AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:33 a.m.7 views

EUVD-2026-41260

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.7.6 via the appointmentkey parameter due to the appointment editkey — the sole authorization token consumed by tryCance...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

WordPress plugin UpdraftPlus: WP Backup & Migration Plugin 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. One...

8.1CVSS6.6AI score0.03578EPSS
Exploits3References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.14 views

EUVD-2026-32277

In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...

9.3CVSS5.8AI score0.00662EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:42 p.m.22 views

CVE-2026-35089

Slican telephone exchanges expose admin credentials because the secure key is generated predictably from exchange properties without authentication. CVE-2026-35089 (and CVE-2026-35087) describe an unauthenticated path to deduce the secure key and gain admin access. Remediations (per affected entr...

8.7CVSS5.8AI score0.00662EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29105

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 5:16 p.m.14 views

CVE-2026-33361

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

7.5CVSS0.00167EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Meari IoT SDK 加密问题漏洞

Meari IoT SDK is a software development kit provided by Meari Corporation, aimed at developing applications for smart devices. There are encryption-related vulnerabilities in the Meari IoT SDK. These vulnerabilities stem from the use of a predictable key derivation method to perform reversible XO...

7.5CVSS5.8AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 4:10 p.m.38 views

CVE-2026-5039 Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

TP-Link TL-WR841N 安全漏洞

The TP-Link TL-WR841N is a router produced by the TP-Link company. The TP-Link TL-WR841N v13 version has a security vulnerability. This vulnerability stems from the use of DES-CBC encryption in the TDDPv2 debugging protocol, where the key is predictable. This could allow unauthorized attackers to...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/13 8:2 p.m.6 views

CVE-2024-58311

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...

9.8CVSS6.8AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 9:31 p.m.6 views

EUVD-2024-55350

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...

9.8CVSS6.3AI score0.00392EPSS
Exploits0References4
NVD
NVD
added 2025/12/12 8:15 p.m.5 views

CVE-2024-58311

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...

9.8CVSS0.00392EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 7:57 p.m.4 views

CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...

9.8CVSS6.5AI score0.00392EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 7:57 p.m.25 views

CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...

9.8CVSS0.00392EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 7:57 p.m.12 views

CVE-2024-58311

Dormakaba Saflok System 6000 is affected by CVE-2024-58311 due to a predictable key generation algorithm that lets an attacker derive card access keys from a 32-bit card identifier. The underlying issue is a deterministic key derivation process, enabling key computation without requiring addition...

9.8CVSS6.5AI score0.00392EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.7 views

Dormakaba Saflok System 安全漏洞

Dormakaba Saflok System is a hotel access control and security management system from Dormakaba USA. A security vulnerability exists in Dormakaba Saflok System 6000 that stems from a predictable key generation algorithm that could lead to the derivation of card access keys...

9.8CVSS6.6AI score0.00392EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.12 views

PT-2025-50973

Name of the Vulnerable Software and Affected Versions Dormakaba Saflok System 6000 affected versions not specified Description The Dormakaba Saflok System 6000 uses a key generation algorithm that is predictable. This allows attackers to calculate card access keys from a 32-bit unique identifier...

9.8CVSS6.4AI score0.00392EPSS
Exploits0References7
CVE
CVE
added 2025/09/26 3:25 a.m.24 views

CVE-2025-10745

CVE-2025-10745 affects Banhammer – Monitor Site Traffic, Block Bad Users and Bots (WordPress) up to version 3.4.8. Root cause: a deterministically generated secret key (using md5 and base64_encode) stored in banhammer_secret_key enables unauthenticated bypass by appending a GET parameter banhamme...

5.3CVSS5.5AI score0.00343EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.4 views

Silicon Labs Wi-SUN Stack 安全漏洞

Silicon Labs Wi-SUN Stack is a communications stack from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Wi-SUN Stack that stems from the fact that accidental reception of a 4-Way Handshake packet may result in a predictable key, potentially triggering a man-in-the-middle attac...

8.6CVSS6.7AI score0.00164EPSS
Exploits0References3
Rows per page
Query Builder