Lucene search
K

210 matches found

Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.11 views

PT-2025-50981

Name of the Vulnerable Software and Affected Versions Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791 Description Gladinet CentreStack and Triofox utilize hardcoded values in their AES cryptoscheme implementation. This weakens security, particularly for publicly exposed...

9.8CVSS6.7AI score0.50949EPSS
Exploits3References28
OSV
OSV
added 2025/11/24 3:30 p.m.3 views

GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

7.5CVSS6.7AI score0.00448EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.8 views

PT-2025-47918

Name of the Vulnerable Software and Affected Versions Apache Syncope versions prior to 3.0.15 Apache Syncope versions prior to 4.0.3 Description Apache Syncope, when configured to use AES encryption for storing user passwords in its internal database, utilizes a hard-coded default key. This allow...

7.5CVSS6.7AI score0.00448EPSS
Exploits0References23
Packet Storm News
Packet Storm News
added 2025/11/17 12:0 a.m.5 views

A Fuzzy Logic-Based Cryptographic Framework for Real-Time Dynamic Key Generation for Enhanced Data Encryption

With the ever-growing demand for cybersecurity, static key encryption mechanisms are increasingly vulnerable to adversarial attacks due to their deterministic and non-adaptive nature. Brute-force attacks, key compromise, and unauthorized access have become highly common cyber threats. This resear...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.2 views

Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2019-12904)

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...

5.9CVSS6.7AI score0.02063EPSS
Exploits0References4
OSV
OSV
added 2025/10/31 9:30 a.m.3 views

GHSA-97W9-V595-3H5Q cryptidy allows code execution via untrusted data due to pickle.loads

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

6.9CVSS6.3AI score0.00228EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/31 12:0 a.m.10 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

6.9CVSS0.00228EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/10/26 12:0 a.m.4 views

RejSCore: Rejection Sampling Core for Multivariate-Based Public Key Cryptography

Post-quantum multivariate public key cryptography MPKC schemes resist quantum threats but require heavy operations, such as rejection sampling, which challenge resource-limited devices. Prior hardware designs have addressed various aspects of MPKC signature generation. However, rejection sampling...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

Sakai 安全漏洞

Sakai is a freely available, feature-rich technology solution for learning, teaching, research, and collaboration from Apereo Sakai Open Source. A security vulnerability exists in Sakai versions prior to 23.5 and prior to 25.0 that stems from the use of a non-cryptographic pseudo-random number...

5.9CVSS6.3AI score0.00182EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/10/14 12:0 a.m.4 views

ShuffleV: A Microarchitectural Defense Strategy against Electromagnetic Side-Channel Attacks in Microprocessors

The run-time electromagnetic EM emanation of microprocessors presents a side-channel that leaks the confidentiality of the applications running on them. Many recent works have demonstrated successful attacks leveraging such side-channels to extract the confidentiality of diverse applications, suc...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/10/05 2:55 a.m.4 views

SUSE CVE-2023-53599

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Fix missing initialisation affecting gcm-aes-s390 Fix afalgallocareq to initialise areq-firstrsgl.sgl.sgt.sgl to point to the scatterlist array in areq-firstrsgl.sgl.sgl. Without this, the gcm-aes-s390 driver will...

5.5CVSS6.3AI score0.0012EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-29376

Malicious code in bioql PyPI...

6.6AI score
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/09/26 12:0 a.m.5 views

Smart Medical IoT Security Vulnerabilities: Real-Time MITM Attack Analysis, Lightweight Encryption Implementation, and Practitioner Perceptions in Underdeveloped Nigerian Healthcare Systems

The growing use of Internet of Things IoT technologies in Nigerian healthcare offers potential improvements in remote monitoring and data-driven care, but unsecured wireless communication in medical IoT mIoT devices exposes patient data to cyber threats. This study investigates such vulnerabiliti...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/25 2:54 a.m.9 views

CVE-2025-58069

The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...

6.9CVSS6.9AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2025/09/23 10:15 p.m.4 views

CVE-2025-58069

The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...

6.9CVSS0.00244EPSS
Exploits0References2
Veracode
Veracode
added 2025/09/12 9:51 a.m.4 views

Allocation Of Resources Without Limits

Bouncy Castle is vulnerable to Allocation of Resources Without Limits. The vulnerability is due to excessive allocation due to improper handling in the AESNativeCBC.java implementation...

5.9CVSS6.7AI score0.00149EPSS
Exploits0References3Affected Software2
Gitee
Gitee
added 2025/09/06 11:51 a.m.145 views

Exploit for CVE-2020-1472

!Pythonpython-shield CVE-2020-1472 CVE-2020-1472 - Zero Logon vulnerability Python implementation Description A Python script which uses the Impacket library to test for CVE-2020-1472 - Zerologon vulnerability credits to Secura research. The flaw stems from the Netlogon Remote Protocol, available...

10CVSS8.1AI score0.99512EPSS
Exploits75
CVE
CVE
added 2025/09/05 5:43 p.m.26 views

CVE-2025-30200

ECOVACS robot vacuums and base stations are affected by CVE-2025-30200, where devices communicate over an insecure Wi‑Fi network and use a deterministic AES key that can be derived from the device serial number. The vulnerability is also described as allowing insecure firmware/over‑the‑air update...

6.3CVSS6.4AI score0.00127EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/08/29 9:18 a.m.7 views

CVE-2025-7071 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

5.9CVSS0.00083EPSS
Exploits0References1
CVE
CVE
added 2025/08/29 9:18 a.m.16 views

CVE-2025-7071

The CVE concerns Oberon microsystems AG ocrypto library. A padding oracle timing side-channel in AES-CBC decryption with PKCS#7 padding exists for ocrypto versions 3.1.0 through 3.9.1 (i.e., all versions since 3.1.0 up to but not including 3.9.2). Attackers could recover plaintexts by measuring d...

5.9CVSS6.3AI score0.00083EPSS
Exploits0References1
Rows per page
Query Builder