PT-2026-5700

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description IBM Concert utilizes cryptographic algorithms that are not sufficiently robust, potentially enabling an attacker to decrypt sensitive information. Recommendations Update to a version later...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There are security vulnerabilities in Qualcomm Chipsets, which arise when incorrect inputs provided by HLOS trigger trusted zones that contain exploits, potentially leading to encryption-related issues...

Brocade SANnav 安全漏洞

Brocade SANnav is a storage area network management software developed by the American company Brocade. Versions of Brocade SANnav prior to 2.4.0b contained security vulnerabilities. These vulnerabilities stemmed from printing password-based encryption keys in plain text within the system audit l...

BIT-GOLANG-2025-61730 Handshake messages may be processed at the incorrect encryption level in crypto/tls

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2026-1187)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bound...

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

EUVD-2025-206515

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVE-2025-13399

The CVE-2025-13399 entry covers a weakness in the VX800v v1.0 web interface where the application-layer encryption uses a weak AES key. An adjacent attacker can brute-force this key to decrypt intercepted traffic without authentication. Impact is described as high for confidentiality, integrity, ...

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

CVE-2025-41351

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

xtream-ui-security-audit

🔐 Xtream UI Security Audit & Exploitation Framework !Python...

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

Libgcrypt 1.12.0

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from weaknesses in the Web interface’s application layer encryption. It could allow adjacent attackers to brute-force the weak AES key and...