511 matches found
CVE-2025-53960
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
CVE-2025-53960
Apache StreamPark (affected: 2.0.0–2.1.7) suffers from a vulnerability where JWTs are signed using the user’s password as the HMAC secret (HS256). This directly exposes passwords to offline brute-forcing via captured tokens and can allow forging of identity tokens if the password is known, potent...
CVE-2025-65849
A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: this is disputed by the Supplier because the product's objective is "to discourage automated...
IBM Concert Encryption Issues Vulnerabilities
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...
CVE-2025-36150
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2025-36150
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
IBM Concert 加密问题漏洞
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the secure persistent volume feature. An attacker can access confidential data stored in persistent volumes by providing a crafted LUKS2 volume with a null key-encryption algorithm...
Predictable Random Number Generator (PRNG)
org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Use of a Predictable Random Number Generator PRNG. The vulnerability is due to the use of java.util.Random, a non-cryptographic PRNG, for initializing the AES256TextEncryptor password, which allows an attacker to predict the encryption k...
CVE-2025-56801
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...
CVE-2025-56801
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...
EUVD-2025-35229
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data...
CVE-2025-56801
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...
EUVD-2019-2634
Malware in sbrugna...
EUVD-2018-13862
Malware in sbrugna...
EUVD-2017-10587
Malware in sbrugna...
EUVD-2018-12504
Malware in sbrugna...
EUVD-2021-25362
Malware in sbrugna...