IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

UBUNTU-CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

OrangeHRM 加密问题漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained a security...

EUVD-2026-18160

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

Ubiquiti多款产品 加密问题漏洞

The Ubiquiti UniFi Network Controller and other products are all developed by the American company Ubiquiti. The Ubiquiti UniFi Network Controller is a control software platform for centralized management and monitoring of network devices. The Ubiquiti UniFi UAP consists of a series of wireless...

OpenClaw Encryption Problem Vulnerability (CNVD-2026-15057)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A cryptographic issue vulnerability exists in versions prior to OpenClaw 2026.2.22. The vulnerability stems from the double use of authentication keys across security domains and can be exploited by an attacker to cause a...

WWBN AVideo 加密问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the lack of authentication during the decryptString operation, which could lead to...

PT-2026-26895

Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an...

Yi Technology YI Home Camera 2 安全漏洞

The Yi Technology YI Home Camera 2 is an intelligent home camera device developed by China's Yi Technology Company. Version 2.1.120171024151200 of the Yi Technology YI Home Camera 2 contains a security vulnerability, which stems from the use of a hard-coded encryption key in the WPA/WPS component...

SAP NetWeaver AS Java Multiple Vulnerabilities (3700960)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a affected by a multiple vulnerabilities as disclosed in the SAP Security Patch Day March 2026: - An application trying to decrypt CMS messages encrypted using password based encryption can trigger an...

EUVD-2026-10491

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has bee...

IBM Aspera faspio Gateway 加密问题漏洞

IBM Aspera faspio Gateway is a data transfer software developed by IBM Corporation. Version 1.3.6 of IBM Aspera faspio Gateway contains a vulnerability related to encryption. This vulnerability stems from the use of an encryption algorithm that is weaker than expected, which may allow attackers t...

Unitree UPK 安全漏洞

Unitree UPK is a robot firmware update package developed by the Chinese company Unitree. Unitree UPK contains a security vulnerability. This vulnerability stems from the encryption algorithm used to protect firmware updates, which uses key material that can be obtained by attackers. This could...

Binardat 10G08-0800GSM 加密问题漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM has a security vulnerability related to encryption. This vulnerability stems from the use of a hardcoded key in the RC4 algorithm embedded within the client JavaScript, which may lead...

PT-2026-8031

Name of the Vulnerable Software and Affected Versions Calero VeraSMART versions prior to 2026 R1 Description The software contains hardcoded static AES encryption keys within the Veramark.Framework.dll module, specifically in the Veramark.Core.Config class. These keys are used to encrypt the...

newbee-mall 加密问题漏洞

newbee-mall is an e-commerce system developed by newbee with open source. newbee-mall has encryption-related vulnerabilities; these vulnerabilities stem from the use of the unsalted MD5 hash algorithm for storing and verifying user passwords. This allows attackers to quickly recover plaintext...

CVE-2026-0620 L2TP over IPSec Encryption Failure on ArcherAXE75

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...

CVE-2025-41351 Weak encryption on Funambol's cloud server

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

Clatter encryption issue vulnerabilities

Clatter is a Rust library developed by Joni Lepistö. Versions of Clatter prior to 2.2.0 had an encryption-related vulnerability. This vulnerability stemmed from a handshake mode that allowed violations of PSK validity rules, potentially leading to key reuse...