CVE-2025-12439
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...
CVE-2025-12439
CVE-2025-12439 affects Google Chrome (Windows) prior to 142.0.7444.59 due to an inappropriate implementation in App-Bound Encryption. A local attacker could obtain potentially sensitive information from a process’s memory via a malicious file. This is a Chromium-based issue affecting Chrome/Chrom...
Dell PowerScale OneFS Encryption Issue Vulnerability
DELL PowerScale OneFS is Dell's horizontally scalable clustered file system designed to manage unstructured data and support enterprise-class storage capabilities. DELL PowerScale OneFS suffers from an encryption issue vulnerability that stems from the use of an insecure encryption algorithm, whi...
Dell CloudLink Elevation of Privilege Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. An elevation of privilege vulnerability exists in Dell CloudLink, which could be exploited by an attacker to gain access to a database and obtain confidential information...
Dell CloudLink Command Execution Vulnerability (CNVD-2025-28522)
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
Dell CloudLink Command Execution Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
Dell CloudLink Denial of Service Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A denial of service vulnerability exists in Dell CloudLink, which can be exploited by an attacker to cause a denial of service...
Dell CloudLink Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command injection vulnerability exists in Dell CloudLink, which can be exploited by an attacker to execute arbitrary commands on the system...
Dell CloudLink Operating System Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. Dell CloudLink suffers from an operating system command injection vulnerability that could be exploited by an attacker to cause elevation of privilege and unauthorized system access...
Dell CloudLink Command Execution Vulnerability (CNVD-2025-28523)
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which can be exploited by an attacker to gain shell access to the system...
A Visual Perception-Based Tunable Framework and Evaluation Benchmark for H.265/HEVC ROI Encryption
ROI selective encryption, as an efficient privacy protection technique, encrypts only the key regions in the video, thereby ensuring security while minimizing the impact on coding efficiency. However, existing ROI-based video encryption methods suffer from insufficient flexibility and lack of a...
privatebin XSS
privatebin reports: Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session (self-XSS). This allows an attacker who can entice a victi...
Whisper Leak: A novel side-channel attack on remote language models
Microsoft has discovered a new type of side-channel attack on remote language models. This type of side-channel attack could allow a cyberattacker in a position to observe your network traffic to conclude language model conversation topics, despite being end-to-end encrypted via Transport Layer...
Underflow in aes_key_unwrap function
The aes_key_unwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...
Confidential Computing for Cloud Security: Exploring Hardware Based Encryption Using Trusted Execution Environments
The growth of cloud computing has revolutionized data processing and storage capacities, taking them to another level of scalability and flexibility. But in the process, it has created a huge security challenge, especially in terms of safeguarding sensitive data. Classical security practices, including...
GO-2025-4078 Contrast has insecure LUKS2 persistent storage partitions may be opened and used in github.com/edgelesssys/contrast
Contrast has insecure LUKS2 persistent storage partitions may be opened and used in github.com/edgelesssys/contrast...
CVE-2025-11690
An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...