
5770 matches found

NVD
added 2025/12/29 8:15 p.m. | 2 views

CVE-2025-14175

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality...

CVSS 6.5 | EPSS 0.0001
Exploits: 1 | References: 3

NVD
added 2025/12/29 5:15 p.m. | 2 views

CVE-2025-53627

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption (PKI) for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...

CVSS 5.3 | EPSS 0.00025
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/29 12:0 a.m. | 4 views

PT-2025-53786

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR820N version 2.80. Description: A weakness in the SSH server implementation of the device permits the use of a weak cryptographic algorithm. This allows a nearby attacker to potentially intercept and decrypt SSH traffic, which could...

CVSS 6.5 | AI score 6.2 | EPSS 0.0001
Exploits: 1 | References: 10

Cvelist
added 2025/12/27 12:21 a.m. | 15 views

CVE-2025-68948 SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode ...

CVSS 6.9 | EPSS 0.00042
Exploits: 1 | References: 1

NVD
added 2025/12/26 5:16 a.m. | 6 views

CVE-2025-52601

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager involving a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...

CVSS 7.8 | EPSS 0.00005
Exploits: 0 | References: 1

EUVD
added 2025/12/26 4:29 a.m. | 1 views

EUVD-2025-205419

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager involving a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. T...

CVSS 6.3 | AI score 6 | EPSS 0.00005
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/26 12:0 a.m. | 3 views

PT-2025-53449

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Device Manager (affected versions not specified). Description: A hardcoded encryption key exists for sensitive information within Nozomi Networks Device Manager. An attacker could leverage this key to decrypt sensitive data...

CVSS 6.3 | AI score 6.3 | EPSS 0.00005
Exploits: 0 | References: 5

CNVD
added 2025/12/25 12:0 a.m. | 2 views

Apache StreamPark Security Bypass Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation in the United States. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...

CVSS 5.9 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 1

CNNVD
added 2025/12/24 12:0 a.m. | 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that encdechypercall accepts page counts instead of sizes, which could result in page mislabeling...

AI score 6.2 | EPSS 0.00021
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/12/23 3:5 p.m. | 9 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2® Big SQL

Summary: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime 8 affect IBM® Db2® Big SQL 7.x on Cloud Pak for Data 4.x. Vulnerability Details: CVEID: CVE-2023-38264. DESCRIPTION: The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through...

CVSS 7.5 | AI score 8.9 | EPSS 0.00319
Exploits: 0 | Affected Software: 1

NVD
added 2025/12/22 11:15 a.m. | 2 views

CVE-2025-61739

Due to nonce reuse, attackers can perform a replay attack or decrypt captured packets...

CVSS 7.2 | EPSS 0.00025
Exploits: 0 | References: 2

EUVD
added 2025/12/22 10:19 a.m. | 2 views

EUVD-2025-204703

Due to nonce reuse, attackers can perform a replay attack or decrypt captured packets...

CVSS 7.2 | AI score 6.4 | EPSS 0.00025
Exploits: 0 | References: 3

CVE
added 2025/12/22 10:19 a.m. | 19 views

CVE-2025-61739

CVE-2025-61739 concerns nonce reuse that enables a replay attack or decryption of captured packets. Documents identify the affected products as Johnson Controls IQ Panels2, IQ Panels2+, IQHub, IQPanel 4, and PowerG, with the issue rooted in nonce reuse and/or weak RNG affecting confidentiality an...

CVSS 7.2 | AI score 6.5 | EPSS 0.00025
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/22 10:19 a.m. | 3 views

CVE-2025-61739 Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption

Due to nonce reuse, attackers can perform a replay attack or decrypt captured packets...

CVSS 7.2 | AI score 6.5 | EPSS 0.00025
Exploits: 0 | References: 2

CNNVD
added 2025/12/22 12:0 a.m. | 2 views

Johnson Controls IQ series and Johnson Controls PowerG Security Vulnerability

The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc. The Johnson Controls IQ series is a series of intelligent security and automation control platforms. The Johnson Controls PowerG is a communications device. A security vulnerability exists...

CVSS 7.2 | AI score 6.6 | EPSS 0.00025
Exploits: 0 | References: 2

Packet Storm
added 2025/12/19 12:0 a.m. | 443 views

📄 Dahua TPC-AEBF5201 P2P Camera Tools - Complete Security Analysis Suite

This PHP proof-of-concept provides defensive tooling to analyze DH-P2P / Easy4IP behaviors observed during DFIR activities. It includes routines to decrypt Account1SecEData, derive device-specific cryptographic keys, and reproduce authentication code generation logic. The project is intended to...

CVSS 6.8 | AI score 7.2 | EPSS 0.00038
Exploits: 1

Snyk
added 2025/12/17 8:38 p.m. | 3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

CVSS 6 | AI score 6.7 | EPSS 0.00008
Exploits: 0 | References: 2

CVE
added 2025/12/17 8:18 p.m. | 7 views

CVE-2025-14763

CVE-2025-14763 concerns the Amazon S3 Encryption Client for Java lacking key commitment when the encrypted data key (EDK) is stored in an Instruction File. This could let a user with write access to an S3 bucket introduce a rogue EDK and decrypt to different plaintext. The vulnerability is tied t...

CVSS 6 | AI score 6.4 | EPSS 0.00012
Exploits: 0 | References: 3

Github Security Blog
added 2025/12/17 6:31 p.m. | 7 views

Duplicate Advisory: python-jose denial of service via compressed JWE content

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description: In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...

CVSS 5.3 | AI score 6.8 | EPSS 0.00158
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51835

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

CVSS 5.3 | AI score 6.8 | EPSS 0.00158
Exploits: 1 | References: 2