EUVD-2022-2584

Malicious code in bioql PyPI...

EUVD-2021-28602

Malicious code in bioql PyPI...

EUVD-2025-23966

Malicious code in bioql PyPI...

EUVD-2022-4389

Malicious code in bioql PyPI...

CVE-2025-57174

CVE-2025-57174 covers Siklu EtherHaul EH-8010/ EH-1200 devices (firmware 7.4.0–10.7.3) where the rfpiped service on TCP port 555 uses static, hardcoded AES keys. The keys are identical across devices, enabling an unauthenticated attacker to craft encrypted packets and trigger remote command execu...

PARROT: Portable Android Reproducible Traffic Observation Tool

The rapid evolution of mobile security protocols and limited availability of current datasets constrains research in app traffic analysis. This paper presents PARROT, a reproducible and portable traffic capture system for systematic app traffic collection using Android Virtual Devices. The system...

ECOVACS robot vacuums 安全漏洞

ECOVACS robot vacuums is a line of vacuum cleaners from the Chinese company ECOVACS. A security vulnerability exists in ECOVACS robot vacuums that stems from insecure Wi-Fi communication using predictable AES encryption keys...

CVE-2024-46916

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file. This can allow code execution and, ...

Coze Studio 安全漏洞

Coze Studio is an AI Agent visualization and development platform open-sourced by Coze Studio. A security vulnerability exists in Coze Studio 0.2.4 and earlier versions, which originates from the use of hard-coded encryption keys for the parameters AuthSecretKey/StateSecretKey/OAuthTokenSecretKey...

CVE-2024-46917

The CVE-2024-46917 entry concerns Diebold Nixdorf Vynamic Security Suite up to version 4.3.0 SR01. The vulnerability arises because integrity validation does not validate file attributes or the contents of the /root directory, enabling malicious actions. Reported impact includes code execution, r...

PT-2025-35243

Name of the Vulnerable Software and Affected Versions: Diebold Nixdorf Vynamic Security Suite versions through 4.3.0 SR01 Description: Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of the /root directory during integrity validation. Th...

Linux Distros Unpatched Vulnerability : CVE-2016-7440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of AES Encryption and Decryption in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover AES keys by...

Linksys多款产品 安全漏洞

Linksys RE6250 and others are a wireless extender from Linksys USA. A security vulnerability exists in various Linksys products, which stems from the incorrect operation of the parameters...

Linux Distros Unpatched Vulnerability : CVE-2016-8637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used,...

Linux Distros Unpatched Vulnerability : CVE-2020-28368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a...

Yet Another Mirage of Breaking MIRAGE: Debunking Occupancy-Based Side-Channel Attacks on Fully Associative Randomized Caches

Recent work presented at USENIX Security 2025 claims that occupancy-based attacks can recover AES keys from the MIRAGE randomized cache. In this paper, we examine these claims and find that they arise from fundamental modeling flaws. Most critically, the authors' simulation of MIRAGE uses a...

CVE-2025-37112

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information...

CVE-2025-37112

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information...

CVE-2025-37112

The CVE concerns HPE Telco Network Function Virtual Orchestrator. A vulnerability in the storage policy for certain encryption-key sets could allow unauthorized parties to access sensitive system information. The issue is described across multiple sources as affecting the storage policy for encry...

CVE-2025-37112 Hard-Coded Encryption Keys found in System

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information...