1458 matches found
MAL-2025-19727 Malicious code in epsilon-tree-easy-decrypt-iota (npm)
The package epsilon-tree-easy-decrypt-iota was found to contain malicious code...
Malicious code in cache-omega-socket-decrypt-xml (npm)
The package cache-omega-socket-decrypt-xml was found to contain malicious code...
Malicious code in epsilon-tree-easy-decrypt-iota (npm)
The package epsilon-tree-easy-decrypt-iota was found to contain malicious code...
MAL-2025-18169 Malicious code in decrypt-simulate-socket-omicron-tree (npm)
The package decrypt-simulate-socket-omicron-tree was found to contain malicious code...
MAL-2025-23264 Malicious code in integer-stack-uglify-decrypt-dog (npm)
The package integer-stack-uglify-decrypt-dog was found to contain malicious code...
MAL-2025-16423 Malicious code in cache-omega-socket-decrypt-xml (npm)
The package cache-omega-socket-decrypt-xml was found to contain malicious code...
MAL-2025-30816 Malicious code in public-object-validate-user-decrypt (npm)
The package public-object-validate-user-decrypt was found to contain malicious code...
CVE-2025-55279
This vulnerability exists in ZKTeco WL20 due to a hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the private key stored in the firmware of the...
CVE-2025-55279 Hard-coded Private Key Vulnerability in ZKTeco WL20
This vulnerability exists in ZKTeco WL20 due to a hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the private key stored in the firmware of the...
ZKTeco WL20 Trust Management Issue Vulnerability
The ZKTeco WL20 is an intelligent fingerprint time and attendance machine from China's Entropy Base Technology ZKTeco. The ZKTeco WL20 suffers from a trust management issue vulnerability that stems from a hard-coded private key stored in the device firmware, which could allow a physical access...
BIT-LIBPHP-2024-2408 PHP is vulnerable to the Marvin Attack
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
Bento4 Denial of Service Vulnerability (CNVD-2026-15392)
Bento4 is an open source C++ library for reading and writing MP4 files. Bento4 suffers from a denial of service vulnerability caused by a flaw in the function AP4_DataBuffer::SetDataSize in the Mp4Decrypt file Mp4Decrypt.cpp. An attacker can exploit this vulnerability to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2020-10685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower...
FreeScout Code Issue Vulnerability
FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from an application that...
CVE-2025-52374
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections...
CVE-2025-52373
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file...
OESA-2025-1864 python-cryptography security update
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...
CVE-2024-38648
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...
Ivanti Desktop and Server Management Security Vulnerability
Ivanti Desktop and Server Management Ivanti DSM is a multi-platform, unified endpoint management solution from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Desktop and Server Management versions prior to 2024.2, which stems from a hard-coded key that could allow an...