
25120 matches found

Tenable Nessus
added 2026/01/26 12:0 a.m. | 3 views

Alibaba Cloud Linux 3 : 0015: openssl (ALINUX3-SA-2026:0015)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0015 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9230: Issue summary: An application trying...

CVSS 7.5 | AI score 7 | EPSS 0.00041
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/26 12:0 a.m. | 6 views

PT-2026-4745

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVSS 6.8 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/26 12:0 a.m. | 5 views

PT-2026-4748

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 4

CNNVD
added 2026/01/26 12:0 a.m. | 3 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the tracking function does not require authentication or encryption, and the transmitted...

CVSS 8.7 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/26 12:0 a.m. | 5 views

PT-2026-4755

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVSS 7 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 4

CNNVD
added 2026/01/26 12:0 a.m. | 3 views

Dormakaba Exos 9300 security vulnerabilities

Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. Dormakaba Exos 9300 has security vulnerabilities; these vulnerabilities stem from multiple hardcoded keys contained in the program libraries and binary files, along with a weak...

CVSS 6.8 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4

Wired Threat Level
added 2026/01/24 11:30 a.m. | 2 views

DOGE May Have Misused Social Security Data, DOJ Admits

Plus: The FAA blocks drones over DHS operations, Microsoft admits it hands over Bitlocker encryption keys to the cops, and more...

AI score 5.5
Exploits: 0

RedhatCVE
added 2026/01/24 3:17 a.m. | 5 views

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1 | AI score 5.5 | EPSS 0.00006
Exploits: 0 | References: 1

Packet Storm News
added 2026/01/24 12:0 a.m. | 2 views

On the Impossibility of Simulation Security for Quantum Functional Encryption

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE simulation security has been shown to be impossible in the classical setting, those impossibility results...

AI score 5.8
Exploits: 0

CNNVD
added 2026/01/24 12:0 a.m. | 4 views

Salesforce Marketing Cloud Engagement security vulnerability

Salesforce Marketing Cloud Engagement is a digital marketing automation platform offered by the American company Salesforce. Versions of Salesforce Marketing Cloud Engagement prior to version 2026.1.21 contained security vulnerabilities. These vulnerabilities stemmed from the use of defective or...

CVSS 9.8 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 2

Akamai Blog
added 2026/01/23 2:0 p.m. | 4 views

Akamai Block Storage Makes Block Disk Encryption the Default in Terraform

Learn about the early 2026 Terraform update, how the change will affect your workflow, and how to successfully navigate any issues that may arise...

AI score 5.5
Exploits: 0

NVD
added 2026/01/22 11:15 p.m. | 2 views

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1 | EPSS 0.00006
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/22 10:17 p.m. | 2 views

CVE-2025-67652

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1 | AI score 5.4 | EPSS 0.00006
Exploits: 0 | References: 3

EUVD
added 2026/01/22 2:6 a.m. | 7 views

EUVD-2026-3676

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

CVSS 9.1 | AI score 5.5 | EPSS 0.0001
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/22 1:6 a.m. | 1 views

CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

CVSS 8.6 | AI score 6.1 | EPSS 0.0004
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/22 1:6 a.m. | 3 views

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

CVSS 8.6 | AI score 6 | EPSS 0.0004
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/22 1:6 a.m. | 21 views

CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

CVSS 8.6 | EPSS 0.0004
Exploits: 0 | References: 1

CNNVD
added 2026/01/22 12:0 a.m. | 2 views

AutomationDirect CLICK Programmable Logic Controller security vulnerability

The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability stems from the exposure of...

CVSS 6.1 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/22 12:0 a.m. | 2 views

PT-2026-4283

Name of the Vulnerable Software and Affected Versions: Project File Management System (affected versions not specified). Description: An attacker with access to the project file could use exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services...

CVSS 6.1 | AI score 5.4 | EPSS 0.00006
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: jose (CVE-2023-50967)

The version of jose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-50967 advisory. - latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c...

CVSS 7.5 | AI score 7.4 | EPSS 0.01386
Exploits: 1 | References: 2