Lucene search

25418 matches found

OSV
added 2025/10/22 9:31 p.m., 3 views

CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVSS 6.5, AI score 6.8, EPSS 0.00137
Exploits: 1, References: 5
OSV
added 2025/10/22 8:07 p.m., 2 views

MGASA-2025-0244 Updated openssl packages fix a security vulnerability

Out-of-bounds read & write in RFC 3211 KEK Unwrap. CVE-2025-9230...

CVSS 7.5, AI score 7, EPSS 0.00041
Exploits: 0, References: 3
OSV
added 2025/10/22 7:41 p.m., 4 views

GHSA-GR7H-XW4F-WH86 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...

CVSS 5.9, AI score 6.8, EPSS 0.00026
Exploits: 0, References: 4
EUVD
added 2025/10/22 7:41 p.m., 3 views

EUVD-2025-35623

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl...

AI score 6.4
Exploits: 0, References: 2
OSV
added 2025/10/22 1:23 p.m., 2 views

CVE-2023-53713 arm64: sme: Use STR P to clear FFR context field in streaming SVE mode

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in...

AI score 6.5, EPSS 0.0003
Exploits: 0, References: 7
IBM Security Bulletins
added 2025/10/22 11:24 a.m., 7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not me...

CVSS 7, AI score 6.9, EPSS 0.00136
Exploits: 0, Affected Software: 1
CVE
added 2025/10/22 8:14 a.m., 17 views

CVE-2025-41108

The CVE describes Ghost Robotics Vision 60 (v0.27.2) as vulnerable due to a lack of encryption and authentication in its MAVLink-based communication protocol. This enables an external attacker to impersonate the control station and issue arbitrary commands to the robot, potentially gaining unauth...

CVSS 9.8, AI score 7, EPSS 0.00037
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/10/22 12:00 a.m., 2 views

Ghost Robotics Vision 60 Authorization Issue Vulnerability

Ghost Robotics Vision 60 is a quadrupedal ground robot from Ghost Robotics, USA. An authorization issue vulnerability exists in Ghost Robotics Vision 60 version v0.27.2, which stems from a lack of encryption and authentication mechanisms in the communication protocol that could lead to unauthoriz...

CVSS 9.8, AI score 6.8, EPSS 0.00037
Exploits: 0, References: 1
CNNVD
added 2025/10/22 12:00 a.m., 3 views

Sakai Security Vulnerability

Sakai is a freely available, feature-rich technology solution for learning, teaching, research, and collaboration from Apereo Sakai Open Source. A security vulnerability exists in Sakai versions prior to 23.5 and prior to 25.0 that stems from the use of a non-cryptographic pseudo-random number...

CVSS 5.9, AI score 6.3, EPSS 0.00026
Exploits: 0, References: 3
Tenable Nessus
added 2025/10/22 12:00 a.m., 2 views

SUSE SLES12 Security Update : krb5 (SUSE-SU-2025:3698-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3698-1 advisory. - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 bsc1241219. Krb5 as...

CVSS 5.9, AI score 6.8, EPSS 0.00252
Exploits: 0, References: 4
Packet Storm News
added 2025/10/22 12:00 a.m., 3 views

Separating Pseudorandom Generators from Logarithmic Pseudorandom States

Pseudorandom generators PRGs are a foundational primitive in classical cryptography, underpinning a wide range of constructions. In the quantum setting, pseudorandom quantum states PRSs were proposed as a potentially weaker assumption that might serve as a substitute for PRGs in cryptographic...

AI score 6.9
Exploits: 0
Github Security Blog
added 2025/10/21 8:26 p.m., 4 views

NeuVector is shipping cryptographic material into its binary

Impact NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. In the patched version, NeuVector leverages the Kubernetes secre...

CVSS 6.5, AI score 6.8, EPSS 0.00044
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/10/21 8:26 p.m., 2 views

GHSA-H773-7GF7-9M2X NeuVector is shipping cryptographic material into its binary

Impact NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. In the patched version, NeuVector leverages the Kubernetes secre...

CVSS 6.5, AI score 6.8, EPSS 0.00044
Exploits: 0, References: 5
NVD
added 2025/10/21 7:21 p.m., 3 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVSS 5.1, EPSS 0.00029
Exploits: 2, References: 2
OSV
added 2025/10/21 7:21 p.m., 2 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVSS 5.1, AI score 5.8, EPSS 0.00029
Exploits: 2, References: 2
The Hacker News
added 2025/10/21 3:03 p.m., 5 views

Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams

Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from givin...

AI score 6.7
Exploits: 0
GithubExploit
added 2025/10/21 10:27 a.m., 159 views

Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit

What is Registry Exploit? Phantom-Registry-Exploit-Cve2025-20...

CVSS 9.8, AI score 7.7, EPSS 0.00755
Exploits: 1
CNVD
added 2025/10/21 12:00 a.m., 8 views

Apache Spark Encryption Problem Vulnerability (CNVD-2025-25376)

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...

CVSS 6.5, AI score 6.9, EPSS 0.00099
Exploits: 0, References: 1
EUVD
added 2025/10/21 12:00 a.m., 3 views

EUVD-2025-35229

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data...

CVSS 5.1, AI score 6.3, EPSS 0.00032
Exploits: 2, References: 2
Cvelist
added 2025/10/21 12:00 a.m., 6 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

EPSS 0.00029
Exploits: 2, References: 2