13 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-30807

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00494
Exploits: 0 · References: 2

RedhatCVE
added 2025/09/24 12:28 a.m. · 7 views

CVE-2025-57602

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...

CVSS 9.8 · AI score 7.7 · EPSS 0.00494
Exploits: 0 · References: 1

NVD
added 2025/09/22 4:15 p.m. · 7 views

CVE-2025-57602

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...

CVSS 9.8 · EPSS 0.00494
Exploits: 0 · References: 1

CVE
added 2025/09/22 12:0 a.m. · 29 views

CVE-2025-57602

CVE-2025-57602 affects the AiKaan IoT management platform. The issue stems from insufficient hardening of the proxyuser account and the use of a shared, hardcoded SSH private key, which can allow remote attackers to authenticate to the cloud controller, obtain an interactive shell, and pivot to o...

CVSS 9.8 · AI score 7.4 · EPSS 0.00494
Exploits: 0 · References: 1

RedhatCVE
added 2025/09/06 11:27 p.m. · 5 views

CVE-2025-55739

api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

CVSS 5.1 · AI score 6.9 · EPSS 0.00497
Exploits: 0 · References: 1

CVE
added 2025/09/04 11:22 p.m. · 37 views

CVE-2025-55739

The CVE-2025-55739 issue affects the FreePBX api module: an identical OAuth private key is reused across multiple FreePBX installations when using the same package. Versions affected include FreePBX prior to 15.0.13, 16.0.2–16.0.14, and 17.0.1–17.0.2. An attacker with access to the shared private...

CVSS 5.1 · AI score 6.3 · EPSS 0.00497
Exploits: 0 · References: 2

OSV
added 2025/09/04 11:22 p.m. · 6 views

CVE-2025-55739 api: Shared OAuth Signing Key Between Different Instances

api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...

CVSS 5.1 · AI score 6.8 · EPSS 0.00497
Exploits: 0 · References: 4

Positive Technologies
added 2025/09/04 12:0 a.m. · 9 views

PT-2025-36101

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 15.0.13 FreePBX versions 16.0.2 through 16.0.14 FreePBX versions 17.0.1 and 17.0.2 Description: The api module for FreePBX, an open-source GUI for Asterisk, is susceptible to an issue where a shared OAuth private key...

CVSS 5.1 · AI score 6.5 · EPSS 0.00497
Exploits: 0 · References: 6

NVD
added 2020/09/11 3:15 a.m. · 12 views

CVE-2020-25256

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations...

CVSS 9.1 · EPSS 0.00633
Exploits: 0 · References: 1

OSV
added 2016/06/20 1:59 a.m. · 4 views

CVE-2016-2364

The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

CVSS 7.5 · AI score 5.8 · EPSS 0.02283
Exploits: 0 · References: 1

ThreatPost
added 2015/04/21 2:43 p.m. · 11 views

NetNanny Found Using Shared Private Key, Root CA

An issue with the content-control software NetNanny could open users’ systems up to man-in-the-middle (MiTM) attacks, HTTPS spoofing and intercept, researchers warned Monday. First released in 1995, the internet filtering service is primarily used by parents to control their children’s online...

AI score 0.4
Exploits: 0

Positive Technologies
added 2012/07/09 12:0 a.m. · 5 views

PT-2012-4669 · Cyberoam · Cyberoam Utm

Name of the Vulnerable Software and Affected Versions: Cyberoam UTM appliances affected versions not specified Description: The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations. This...

CVSS 7.4 · AI score 6.7 · EPSS 0.00938
Exploits: 0 · References: 8

securityvulns
added 2010/06/14 12:0 a.m. · 22 views

Multiple Sourcefire weak encryption vulnerability

Same private key is used in all devices...

AI score 1.9
Exploits: 0 · References: 1 · Affected Software: 2