CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25410 matches found

CVE•added 2025/12/22 10:19 a.m.•20 views

CVE-2025-61739

CVE-2025-61739 concerns nonce reuse that enables a replay attack or decryption of captured packets. Documents identify the affected products as Johnson Controls IQ Panels2, IQ Panels2+, IQHub, IQPanel 4, and PowerG, with the issue rooted in nonce reuse and/or weak RNG affecting confidentiality an...

7.2CVSS6.5AI score0.00025EPSS

Exploits0References2

Packet Storm News•added 2025/12/22 12:0 a.m.•3 views

Elevating Intrusion Detection and Security Fortification in Intelligent Networks through Cutting-Edge Machine Learning Paradigms

The proliferation of IoT devices and their reliance on Wi-Fi networks have introduced significant security vulnerabilities, particularly the KRACK and Kr00k attacks, which exploit weaknesses in WPA2 encryption to intercept and manipulate sensitive data. Traditional IDS using classifiers face...

6.8AI score

Exploits0

SUSE CVE•added 2025/12/20 12:25 a.m.•2 views

SUSE CVE-2025-68297

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in processv2sparseread for encrypted directories The crash in processv2sparseread for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be reproduced...

5.5CVSS6.4AI score0.00028EPSS

Exploits0References20

RedhatCVE•added 2025/12/19 9:14 p.m.•4 views

CVE-2025-62002

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before a...

5.3CVSS6.7AI score0.00016EPSS

Exploits0References1

RedhatCVE•added 2025/12/19 7:9 p.m.•3 views

CVE-2025-67745

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

7.1CVSS6.7AI score0.0003EPSS

Exploits0References1

CVE•added 2025/12/19 3:37 p.m.•9 views

CVE-2025-34433

AVideo 14.3.1–20.0.x isaffected by an unauthenticated RCE due to insecure salt generation: installation salt is created with PHP uniqid(), and the installation timestamp plus a derived hashId are exposed publicly, enabling offline brute-forcing of the remaining entropy to recover the salt. Attack...

9.3CVSS8.1AI score0.41084EPSS

Exploits2References4

NVD•added 2025/12/18 9:15 p.m.•3 views

CVE-2025-62002

BullWall Ransomware Containment considers the number of files modified to trigger detection. An authenticated attacker could encrypt a single possibly large file without triggering detection if thresholds are configured to require multiple file changes. The number of files to trigger detection ca...

8.1CVSS0.00016EPSS

Exploits0References2

OSV•added 2025/12/18 9:15 p.m.•3 views

CVE-2025-62002

8.1CVSS5.8AI score0.00016EPSS

Exploits0References2

RedhatCVE•added 2025/12/18 8:37 p.m.•1 views

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6CVSS6.7AI score0.00012EPSS

Exploits0References1

RedhatCVE•added 2025/12/18 8:37 p.m.•4 views

CVE-2025-14759

Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

6CVSS6.7AI score0.00012EPSS

Exploits0References1

ATTACKERKB•added 2025/12/18 8:33 p.m.•2 views

CVE-2025-62002

8.1CVSS5.5AI score0.00016EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2025/12/18 8:33 p.m.•2 views

CVE-2025-62002 BullWall Ransomware Containment file count detection bypass

5.3CVSS6.2AI score0.00016EPSS

Exploits0References2

Cvelist•added 2025/12/18 8:33 p.m.•20 views

CVE-2025-62002 BullWall Ransomware Containment file count detection bypass

5.3CVSS0.00016EPSS

Exploits0References2

CVE•added 2025/12/18 8:33 p.m.•7 views

CVE-2025-62002

BullWall Ransomware Containment has a file-modification-based detection mechanism that can be bypassed. An authenticated attacker could encrypt a single large file without triggering alerts when thresholds are configured to require multiple file changes. Affected versions include 4.6.0.0, 4.6.0.6...

8.1CVSS6.2AI score0.00016EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2025/12/18 8:32 p.m.•2 views

CVE-2025-62000

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method fro...

7.1CVSS5.6AI score0.00007EPSS

Exploits0References4Affected Software1

NVD•added 2025/12/18 7:16 p.m.•2 views

CVE-2025-67745

7.5CVSS0.0003EPSS

Exploits0References2

Github Security Blog•added 2025/12/18 6:52 p.m.•9 views

AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

Summary S3 Encryption Client for PHP is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders...

6CVSS7AI score0.00017EPSS

Exploits0References7Affected Software1