Lucene search

25080 matches found

CVE
added 6 days ago | 22 views

CVE-2026-49201

The CVE-2026-49201 entry concerns Acer Wave 7 routers (upload.cgi handling device backups) with a hardcoded AES encryption key. The underlying issue is a fixed cryptographic key embedded in the backup processing binary, enabling an attacker to decrypt, modify, and re-encrypt backups, which can fa...

CVSS 10 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1
EUVD
added 6 days ago | 8 views

EUVD-2026-33271

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

CVSS 10 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1
OSV
added 6 days ago | 2 views

BIT-JOOMLA-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

CVSS 9.8 | AI score 5.8 | EPSS 0.00001
Exploits: 0 | References: 2
Fedora
added 6 days ago | 10 views

[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network...

AI score 5.8
Exploits: 0
Positive Technologies
added 6 days ago | 8 views

PT-2026-44800

Name of the Vulnerable Software and Affected Versions: Acer Wave 7 router (affected versions not specified). Description: The upload.cgi binary, which processes device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, which can...

CVSS 10 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 8
CNNVD
added 6 days ago | 5 views

Acer Wave 7 router security vulnerability

The Acer Wave 7 router is a three-band wireless router from Acer, a company based in Taiwan, China. The Acer Wave 7 router has a security vulnerability. This vulnerability allows attackers to decrypt, modify, and re-encrypt system backups, enabling persistent backdoor attacks...

CVSS 10 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1
Opera Security Advisories
added 6 days ago | 6 views

Why browsing with Opera’s VPN is safer

May 29th, 2026. A virtual private network (VPN) is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...

CVSS 8.8 | AI score 7 | EPSS 0.23127
Exploits: 12 | References: 1
NVD
added last week | 12 views

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVSS 9.1 | EPSS 0.00009
Exploits: 0 | References: 2
IBM Security Bulletins
added last week | 6 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application Server, affect IBM Tivoli Monitoring.

Summary: Multiple vulnerabilities within WebSphere Application Server, which is included as part of IBM Tivoli Monitoring (ITM) portal server, have been addressed. Vulnerability Details: CVEID: CVE-2025-12635. DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...

CVSS 7.5 | AI score 5.7 | EPSS 0.00021
Exploits: 1 | Affected Software: 1
CVE
added last week | 6 views

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

CVSS 9.1 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added last week | 25 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVSS 6 | EPSS 0.00009
Exploits: 0 | References: 2
OSV
added 2026/05/28 3:43 p.m. | 6 views

RLSA-2026:19186 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

CVSS 7.5 | AI score 7.3 | EPSS 0.00035
Exploits: 0 | References: 2
OSV
added 2026/05/28 3:43 p.m. | 5 views

RLSA-2026:19353 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679); google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to...

CVSS 9.1 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 9
Rockylinux
added 2026/05/28 3:43 p.m. | 6 views

buildah security update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The buildah package provides a tool for facilitating building OCI container...

CVSS 7.5 | AI score 7.3 | EPSS 0.00035
Exploits: 0
OSV
added 2026/05/28 3:43 p.m. | 4 views

RLSA-2026:18824 Moderate: luksmeta security update

LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The luksmeta package is a dependency of the clevis and tang packages, together providing the Network Bound Disk Encryption (NBDE) in Rocky Linux. Security Fixes: luksmeta: Data corruption when handling LUKS1 partitions with...

CVSS 4.4 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 2
Ubuntu
added 2026/05/28 3:22 p.m. | 12 views

USN-8340-1: LibreOffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8 | AI score 6.1 | EPSS 0.00016
Exploits: 0
OSV
added 2026/05/28 3:22 p.m. | 2 views

USN-8340-1 libreoffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 2
RedHat Linux
added 2026/05/28 1:35 p.m. | 8 views

kernel: Bluetooth: MGMT: validate LTK enc_size on load

A flaw was found in the Linux kernel's Bluetooth management (MGMT) component. An attacker could exploit a vulnerability in how Long Term Keys (LTK) are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

CVSS 7.8 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 5
RedHat Linux
added 2026/05/28 8:47 a.m. | 4 views

kernel: Bluetooth: MGMT: validate LTK enc_size on load

A flaw was found in the Linux kernel's Bluetooth management (MGMT) component. An attacker could exploit a vulnerability in how Long Term Keys (LTK) are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

CVSS 7.8 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/28 8:12 a.m. | 8 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

CVSS 7 | AI score 5.9 | EPSS 0.00031
Exploits: 0 | References: 1