CVE-2026-43134

The CVE-2026-43134 entry affects the Linux kernel Bluetooth stack. The root cause is a missing encryption key size check in the L2CAP_LE_CONN_REQ handling, which could permit a malformed L2CAP LE connection request and trigger a protocol violation. A patch was added to perform the key-size valida...

PT-2026-37474

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Bluetooth L2CAP component fails to perform a key size check when receiving L2CAP LE CONN REQ. This missing validation is contrary to the L2CAP/LE/CFC/BV-15-C requirement, which expec...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not set the encryption key during the jbd2 transaction. A commit labeled “a80f7fcf1867” “ext4: fixup ext4fctrack functions’ signature” addressed this issue. The scope of the transaction in ext4unlink was extended too far...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KEYS: Trusted: dcp: Fixed the leak of the blob encryption key Trusted keys unseal the key blob upon loading, but keep the sealed payload in the blob field. Thus, every subsequent read export will simply convert this field to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of a null pointer dereference error in generateencryptionkey has been fixed. If a client sends two session setups with KRB5 authentication to ksmbd, a null pointer dereference error in generateencryptionkey can...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: l2cap: Check the encryption key size during incoming connections. This is required for passing the GAP/SEC/SEM/BI-04-C PTS test case: - Security Mode: 4, Level: 4, Responder: Invalid Encryption Key Size - Key Size:...

CVE-2026-31543

In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

CVE-2026-31543

In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

Intel Core Processors 安全漏洞

Intel Core Processors are central processing units CPUs from Intel Corporation in the Intel Core series. Intel Core Processors have a security vulnerability that arises from using the default encryption key, which may lead to an increase in privileges...

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...

EUVD-2026-19360

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

Dialogue App 安全漏洞

Dialogue App is an artificial intelligence dialogue application developed by Dialogue Company. Versions of Dialogue App 4.3.2 and earlier contained security vulnerabilities, which were caused by the use of a hardcoded encryption key for the parameter SEGMENTWRITEKEY...

PT-2026-29916

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

HCL BigFix Platform 安全漏洞

The HCL BigFix Platform is a developed by the Indian company HCL. This platform supports automatic discovery, management, and remediation of endpoint security issues. There are security vulnerabilities in the HCL BigFix Platform, which stem from insecure private encryption key permissions. This m...

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

GHSA-VJQW-W5JR-G9W5 Duplicate Advisory: OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g353-mgv3-8pcj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only...

SUSE CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...