Insecure Randomness

Overview bcryptify is a Bcryptify is a modern and elegant Python library designed to simplify the use of cryptographic algorithms, while adhering to SOLID principles to ensure clean, extensible, and maintainable code. Affected versions of this package are vulnerable to Insecure Randomness via the...

FNKvision FNK-GU2 加密问题漏洞

FNKvision FNK-GU2 is a camera from FNKvision Thailand. An encryption issue vulnerability exists in FNKvision FNK-GU2 version 40.1.7 and earlier, which stems from the use of risky encryption algorithms in the /etc/shadow file...

CVE-2025-6995

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6996

CVE-2025-6996 concerns Ivanti Endpoint Manager. The issue is an improper use of encryption in the agent that, on affected versions prior to 2024 SU3 and prior to 2022 SU8 Security Update 1, could let a local authenticated attacker decrypt other users’ passwords. The vulnerability affects Ivanti E...

CVE-2025-6995 Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords...

CVE-2025-6995

CVE-2025-6995 refers to Ivanti Endpoint Manager and describes an improper use of encryption in the agent that enables a local authenticated attacker to decrypt other users’ passwords. The issue affects versions prior to 2024 SU3 and prior to 2022 SU8 Security Update 1 . Root cause is cryptographi...

IBM OpenPages with Watson 加密问题漏洞

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring,...

Qualcomm Chipsets 加密问题漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A cryptographic issue vulnerability exists in Qualcomm Chipsets that stems from an encryption issue when handling cryptographic API calls, which could lead to corrupted key usage or IV reuse...

Siemens多款产品 加密问题漏洞

Siemens RUGGEDCOM i800 and others are a switch from Siemens Germany. An encryption vulnerability exists in various Siemens products that stems from support for the TLSECDHEECDSAWITHAES128CBCSHA256 cipher suite, which is vulnerable to timing attacks, and could lead to a communication compromise. T...

CVE-2025-34091

A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...

CVE-2025-52925

In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812...

CVE-2025-27460 CVE-2025-27460

The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device to use an alternative operating system to interact with the hard drives, completely circumventing the Windows login. The attacker ca...

Endress+Hauser MEAC300-FNADE4 安全漏洞

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the use of DES encryption to store passwords, which can be exploited by an attacker to cause...

CVE-2025-52925

In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812...

CVE-2025-6521

During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which...

CVE-2014-6274 S3 and Glacier remotes creds embedded in the git repo were not encrypted

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in effectively plaintext, not encrypted as they were supposed to be. This issue affects...

CVE-2025-49214

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this...

CVE-2025-49824 conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisencryptbinstartoken implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attac...