Use of Password Hash With Insufficient Computational Effort

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

GHSA-G29V-Q6H7-76WH electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

CVE-2026-45028

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

Inadequate Encryption Strength

github.com/enchant97/note-mark/backend is vulnerable to Inadequate Encryption Strength. The vulnerability is due to missing enforcement of minimum length and entropy requirements for the JWTSECRET value, which allows an attacker to brute-force weak secrets and forge valid JWT tokens...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the ExtractTarGz process. An attacker can write arbitrary files to locations outside the intended extraction directory by submitting a crafted .tar.gz archive containing directory traversal sequences. This is only...

pyzipper has an encryption bypass for small files encrypted using it

Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

GHSA-CRQM-M339-7M2P pyzipper has an encryption bypass for small files encrypted using it

Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

EUVD-2025-209851

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

CVE-2025-62310

Technical details about CVE-2025-62310 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories; no specifics on affected versions, vectors, or mitigations are available here.

CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

CVE-2025-62310

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel via the authentication process. An attacker can recover user credentials by exploiting timing differences during MD5-hashed password comparison. This is only exploitable if the database contains MD5-hashed password...

Insufficiently Protected Credentials

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Insufficiently Protected Credentials with the credentialName filter parameter, over the credentials API endpoint. An attacker can access encryptedData, containing encrypted credential data such as API keys,...

BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is affected by CVE-2026-3829 due to missing capability checks in wple_basic_get_requests across all versions up to 7.8.5.10. This allows authenticated users with subscriber-level ac...

EUVD-2026-30228

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...

CVE-2026-3829

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wplebasicgetrequests' function in all versions up to, and including, 7.8.5.10. This makes...