25410 matches found

CNNVD
added 2025/12/09 12:0 a.m., 2 views

Xmlseclibs Security Vulnerability

Xmlseclibs is a library written in PHP that handles XML encryption and signing. A security vulnerability exists in Xmlseclibs version 3.1.3, which stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...

CVSS 7.5 | AI score 6.7 | EPSS 0.00032
Exploits: 1 | References: 4

CNNVD
added 2025/12/09 12:0 a.m., 2 views

PCI-SIG PCI Express Integrity and Data Encryption Security Vulnerability

PCI-SIG PCI Express Integrity and Data Encryption is a data encryption software from PCI-SIG, USA. A security vulnerability exists in PCI-SIG PCI Express Integrity and Data Encryption that stems from insufficient re-keying and stream refresh guidance during device rebinding, which could result in...

CVSS 6.5 | AI score 7.8 | EPSS 0.00014
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-50111

Name of the Vulnerable Software and Affected Versions: Dell Encryption versions prior to 11.12.1
Description: Dell Encryption contains an Improper Link Resolution Before File Access ('Link Following') issue. A local attacker with low privileges could potentially tamper with information by exploiting...

CVSS 6.6 | AI score 6.1 | EPSS 0.00009
Exploits: 0 | References: 3

CNNVD
added 2025/12/09 12:0 a.m., 3 views

Siemens SINEMA Remote Connect Server Security Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens Germany. The platform is primarily used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server versions prior to V3...

CVSS 3.3 | AI score 8.9 | EPSS 0.00012
Exploits: 0 | References: 1

Snyk
added 2025/12/08 7:41 p.m., 1 views

Inadequate Encryption Strength

Overview: altcha is a Privacy-first CAPTCHA widget, compliant with global regulations GDPR/HIPAA/CCPA/LGDP/DPDPA/PIPL and WCAG accessible. No tracking, self-verifying. Affected versions of this package are vulnerable to Inadequate Encryption Strength in the Proof of Work obfuscation scheme. An...

CVSS 9.1 | AI score 6.2 | EPSS 0.00021
Exploits: 0 | References: 2

Snyk
added 2025/12/08 7:41 p.m., 3 views

Inadequate Encryption Strength

Overview: org.webjars.npm:altcha is a Privacy-first CAPTCHA widget, compliant with global regulations GDPR/HIPAA/CCPA/LGDP/DPDPA/PIPL and WCAG accessible. No tracking, self-verifying. Affected versions of this package are vulnerable to Inadequate Encryption Strength in the Proof of Work obfuscatio...

CVSS 9.1 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 2

NVD
added 2025/12/08 2:15 a.m., 2 views

CVE-2023-53769

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages. The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

EPSS 0.00018
Exploits: 0 | References: 4

OSV
added 2025/12/08 2:15 a.m., 0 views

UBUNTU-CVE-2023-53769

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages. The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 7

RedHat Linux
added 2025/12/08 1:44 a.m., 1 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVSS 7.5 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 4

Cvelist
added 2025/12/08 1:19 a.m., 22 views

CVE-2023-53769 virt/coco/sev-guest: Double-buffer messages

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages. The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

EPSS 0.00018
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/08 12:0 a.m., 5 views

PT-2025-49499

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified
Description: The encryption algorithms within the kernel’s virt/coco/sev-guest component directly read from and write to shared unencrypted memory. This practice could potentially expose information...

CVSS 7.8 | AI score 6.8 | EPSS 0.00145
Exploits: 2 | References: 844

Tenable Nessus
added 2025/12/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the...

CVSS 2.7 | AI score 5.4 | EPSS 0.00032
Exploits: 0 | References: 3

Wired Threat Level
added 2025/12/06 11:30 a.m., 4 views

The US Won't Sanction China for Salt Typhoon Hacking

Plus: Officials warn of a disturbingly stealthy Chinese malware specimen, a CISA nomination stalls, and more...

AI score 7
Exploits: 0

Cvelist
added 2025/12/05 5:47 p.m., 16 views

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside an end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

CVSS 2.4 | EPSS 0.00032
Exploits: 0 | References: 4

NVD
added 2025/12/04 6:15 p.m., 2 views

CVE-2025-63363

A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadca...

CVSS 7.5 | EPSS 0.00076
Exploits: 1 | References: 2

CVE
added 2025/12/04 12:0 a.m., 10 views

CVE-2025-63363

CVE-2025-63363 affects Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi‑Fi Gateway. The root cause is a lack of Management Frame Protection in firmware version 3.1.1.0 (HW 4.3.2.1; Webpage 7.04T.07.002880.0301), enabling de‑authentication attacks via crafted frames broadcast without auth...

CVSS 7.5 | AI score 6.9 | EPSS 0.00076
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/12/04 12:0 a.m., 3 views

PT-2025-49179

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 2.0.0 through 2.1.6
Description: The system utilizes weak encryption keys, either fixed or derived directly from user passwords, when encrypting sensitive data. Attackers may obtain these keys through reverse...

CVSS 5.9 | AI score 6.7 | EPSS 0.00061
Exploits: 0 | References: 7

GithubExploit
added 2025/12/03 4:6 p.m., 141 views

Exploit for CVE-2025-41744

Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...

CVSS 9.1 | AI score 7.3 | EPSS 0.00063
Exploits: 3

GithubExploit
added 2025/12/03 4:3 p.m., 246 views

Exploit for CVE-2025-38001

Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...

CVSS 9.1 | AI score 7.3 | EPSS 0.00063
Exploits: 5

RedhatCVE
added 2025/12/03 10:41 a.m., 7 views

CVE-2025-41743

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes...

CVSS 4 | AI score 6.4 | EPSS 0.00006
Exploits: 0 | References: 1