270 matches found
CVE-2025-9239
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd...
CVE-2025-9239
The CVE-2025-9239 vulnerability affects elunez eladmin up to version 2.7, specifically the EncryptUtils class in the DES Key Handler (eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java). Manipulating the STR_PARAM input (example: Passw0rd) results in inadequate encryption strength. ...
SUSE CVE-2025-45766
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...
CLSA-2025-1754649468 Fix of 5 CVEs
OpenJDK 11.0.28 release, build 6. - CVE-2025-30749: Java 2D heap corruption, code execution/DoS - CVE-2025-30754: JSSE TLS handshake flaw, weakened encryption - CVE-2025-30761: nashorn sandbox bypass, code execution - CVE-2025-50059: HTTP client header bug, data leak - CVE-2025-50106: Glyph...
CVE-2025-45766
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is...
hMailServer Security Vulnerability
hMailServer is an open source mail server from hMailServer Open Source. A security vulnerability exists in hMailServer version 5.8.6 and 5.6.9-beta, which stems from the use of a hard-coded key in Encryption.cs, which may lead to decryption of other server passwords...
Vulnerability of Cryptographic Services in Windows operating systems, allowing attackers to disclose protected information
The vulnerability of Cryptographic Services in Windows operating systems is related to insufficiently secure data encryption. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Encryption Issue Vulnerability in Multiple Siemens Products
Siemens RUGGEDCOM i800, among others, is a switch from Siemens, a German company. A vulnerability exists in various Siemens products due to an encryption issue that stems from the use of insecure encryption algorithms, which could lead to a man-in-the-middle attack. The following products and...
CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...
CVE-2024-20280
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
CVE-2023-6728
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content...
CVE-2013-4104
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol...
PT-2025-21862 · Unknown · Calmkart Django-Sso-Server
Name of the Vulnerable Software and Affected Versions: calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15 Description: A vulnerability was found in the function gen_rsa_keys of the file common/crypto.py, leading to inadequate encryption strength. The attack can be initiated...
Hitachi JP1/IT Desktop Management 2 Security Vulnerability
Hitachi JP1/IT Desktop Management 2 is a product from Hitachi, Ltd. of Japan that automatically collects various types of information so that it can be managed in one place. A security vulnerability exists in Hitachi JP1/IT Desktop Management 2 versions prior to 12-00 to 12-00-08, 11-10 to 11-10-08...
Intel Tiber Edge Platform Edge Orchestrator Encryption Issue Vulnerability
Intel Tiber Edge Platform Edge Orchestrator is an enterprise-class edge computing orchestration management platform from Intel Corporation. Intel Tiber Edge Platform Edge Orchestrator suffers from an encryption issue vulnerability that stems from insufficient encryption strength and could...
Python-Programs Encryption Issue Vulnerability
Python-Programs is a collection of Python applications by the individual developer Shashikant Singh. Python-Programs suffers from an encryption issue vulnerability that stems from insufficient encryption strength, which could lead to a brute force cracking attack...
CVE-2025-2545
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...
Ruby on Rails Cross Site Request Forgery
Ruby on Rails appears to include a one time pad for cross site request forgery protections to the user, making it possible to forge valid tokens. Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery (CSRF) protections continue to be...
CVE-2025-30472
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet...