ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext withi
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to a
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza.
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-
Path traversal vulnerability in the Bluetooth module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers c
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service
Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection. This issue affects Dental Care CPT: from n/a through <= 20.2.
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated att
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in th
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted f
RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x
Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag
Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return li
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulner
Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.