CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...
EUVD-2026-35148
In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfree_sensitive to free auth session in tpm_dev_release. tpm_dev_release uses plain kfree to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...
CVE-2026-36178
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...
EUVD-2026-34280
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...
PT-2026-46246
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...
CVE-2026-36178
GNCC GP5 v7.1.76 is affected: the factory reset does not clear sensitive cryptographic material in the JFFS2 configuration partition, potentially enabling recovery of sensitive user data. Available documents provide the issue and impact but do not specify a patch or mitigation.
Malicious code in polygon-toolkit-validate (npm)
Source: amazon-inspector 77c6fa5fc2aa45c8649c09e54e0f5b318b096a78a133380d18d5379621ba819c. The package presents a Polygon/Polymarket validation/crypto utility but its exported APIs silently relay caller data to a hardcoded remote endpoint. ...
CVE-2026-33362 Meari SDK hardcoded cryptographic keys
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...
CVE-2026-3564
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...
EUVD-2026-12574
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...
CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...
CVE-2026-3564
CVE-2026-3564 affects ConnectWise ScreenConnect. A condition in ScreenConnect may allow an attacker who already has access to server‑level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. Red Hat, EUVD, NVD, and CVE...
PT-2026-25901
FOR ON-PREMISE INSTALLATIONS ONLY Straight from ISAO. No changes or additions. Summary: ConnectWise disclosed a new high-severity vulnerability in ScreenConnect on March 17, 2026, tracked as CVE-2026-3564 with a CVSS score of 9.0. The vulnerability relates to how server-level cryptographic materi...
CVE-2026-28714
Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
EUVD-2026-9949
Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...