Lucene search

456 matches found

Cvelist
added 2026/05/25 9:19 a.m. | 31 views

CVE-2026-9274 Information Exposure Vulnerability in CP-Plus Wi-Fi Camera

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2 CVSS | 0.00012 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/25 12:0 a.m. | 9 views

PT-2026-43026

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2026/05/08 11:6 p.m. | 5 views

Phpseclib needs guardrails on large binaryfield integers

Impact: Anyone loading untrusted ASN1 files, e.g. X509 certificates, RSA PKCS8 private or public keys, etc. Patches: https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f Workarounds: No. References...

7.5 CVSS | 7.1 AI score | 0.00149 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Debian
added 2026/05/06 11:59 a.m. | 5 views

[SECURITY] [DLA 4566-1] openjdk-11 security update

Debian LTS Advisory DLA-4566-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 06, 2026 https://wiki.debian.org/LTS ...

7.5 CVSS | 7.2 AI score | 0.00154 EPSS
Exploits: 0

Packet Storm News
added 2026/05/05 12:0 a.m. | 3 views

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

5.8 AI score
Exploits: 0

Debian
added 2026/05/03 3:1 p.m. | 2 views

[SECURITY] [DSA 6246-1] openjdk-25 security update

Debian Security Advisory DSA-6246-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2026 https://www.debian.org/security/faq ...

7.5 CVSS | 7.2 AI score | 0.00154 EPSS
Exploits: 0

Debian
added 2026/04/29 6:43 p.m. | 2 views

[SECURITY] [DSA 6237-1] openjdk-17

Debian Security Advisory DSA-6237-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 29, 2026 https://www.debian.org/security/faq ...

7.5 CVSS | 7.8 AI score | 0.00154 EPSS
Exploits: 0

ATTACKERKB
added 2026/04/29 8:37 a.m. | 0 views

CVE-2026-42518

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic...

8.7 CVSS | 5.5 AI score | 0.00082 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/27 11:40 p.m. | 0 views

CVE-2026-32644 Milesight Cameras Use of Hard-coded Cryptographic Key

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys...

9.8 CVSS | 5.1 AI score | 0.00032 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/17 7:22 p.m. | 0 views

CVE-2026-32324 Anviz CX7 Firmware Use of Hard-coded Cryptographic Key

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...

7.7 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/09 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-20709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor...

6.6 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 0 | References: 2

CVE
added 2026/04/07 7:56 p.m. | 3 views

CVE-2025-14857

CVE-2025-14857 affects Semtech LoRa LR11xxx transceivers on early firmware versions. The flaw is an improper access control: memory write via the physical SPI interface does not enforce write protection on the program call stack, enabling overwriting of stack memory and limited arbitrary code exe...

5.4 CVSS | 6.2 AI score | 0.00028 EPSS
Exploits: 1 | References: 1

NVD
added 2026/04/03 10:16 p.m. | 1 views

CVE-2015-10148

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...

8.8 CVSS | 0.00002 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/03 9:42 p.m. | 1 views

CVE-2015-10148 Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys

Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform...

8.8 CVSS | 5.9 AI score | 0.00002 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/03 5:8 a.m. | 2 views

CVE-2026-21765

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/02 12:31 a.m. | 2 views

EUVD-2026-18095

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/02 12:16 a.m. | 2 views

CVE-2026-21765

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS | 0.00013 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/01 11:36 p.m. | 1 views

CVE-2026-21765

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/01 11:36 p.m. | 24 views

CVE-2026-21765 HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8 CVSS | 0.00013 EPSS
Exploits: 0 | References: 1

CVE
added 2026/04/01 11:36 p.m. | 4 views

CVE-2026-21765

CVE-2026-21765 concerns the HCL BigFix Platform, where private cryptographic keys on Windows hosts may have overly permissive file system permissions. The root cause stated is insecure permissions on private keys, potentially exposing confidentiality, integrity, and availability (all scored high)...

8.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 1 | Affected Software: 1