25113 matches found

GitLab Advisory Database
added 2026/04/03 12:0 a.m. | 6 views

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

CVSS 7.5 | AI score 6 | EPSS 0.00073
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/04/03 12:0 a.m. | 2 views

PT-2026-30013

Impact: This is a missing encryption vulnerability (CWE-311) affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctl...

CVSS 7.1 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 8
CNNVD
added 2026/04/03 12:0 a.m. | 6 views

PropertyGuru AgentNet Singapore App Security Vulnerability

The PropertyGuru AgentNet Singapore App is a mobile application used by PropertyGuru in Singapore as a real estate agency. The PropertyGuru AgentNet Singapore App versions prior to 23.7.10 contained a security vulnerability, which was caused by the use of hardcoded encryption keys for parameters...

CVSS 4.8 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:0 a.m. | 5 views

Noelse Individuals & Pro App Security Vulnerability

Noelse Individuals & Pro App is a financial services app developed by the French company Noelse, designed for individual and professional users to manage online accounts, handle payments, and access financial tools. The Noelse Individuals & Pro App versions 2.1.7 and earlier contain security...

CVSS 4.8 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 4
CNNVD
added 2026/04/03 12:0 a.m. | 4 views

Dialogue App Security Vulnerability

Dialogue App is an artificial intelligence dialogue application developed by Dialogue Company. Versions of Dialogue App 4.3.2 and earlier contained security vulnerabilities, which were caused by the use of a hardcoded encryption key for the parameter SEGMENTWRITEKEY...

CVSS 4.8 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 4
Kaspersky
added 2026/04/03 12:0 a.m. | 4 views

KLA90975 Multiple vulnerabilities in Apache Tomcat

Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve...

CVSS 7.5 | AI score 5.7 | EPSS 0.01889
Exploits: 5 | References: 3
GitLab Advisory Database
added 2026/04/03 12:0 a.m. | 6 views

Antrea has Missing Encryption of Sensitive Data

This is a missing encryption vulnerability (CWE-311) affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly...

CVSS 7.5 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 7 | Affected Software: 1
EUVD
added 2026/04/02 9:32 p.m. | 4 views

EUVD-2026-18554

The stored API keys in temporary browser client are not marked as protected, allowing for JavaScript console or other errors to allow for extraction of the encryption credentials...

AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 3
NVD
added 2026/04/02 9:16 p.m. | 2 views

CVE-2026-35467

The stored API keys in temporary browser client are not marked as protected, allowing for JavaScript console or other errors to allow for extraction of the encryption credentials...

CVSS 7.5 | EPSS 0.00011
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/02 8:27 p.m. | 1 views

CVE-2026-35467

The stored API keys in temporary browser client are not marked as protected, allowing for JavaScript console or other errors to allow for extraction of the encryption credentials...

CVSS 7.5 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 3
CVE
added 2026/04/02 8:27 p.m. | 7 views

CVE-2026-35467

CVE-2026-35467 concerns unprotected storage of API keys in a temporary browser client (IndexedDB), allowing exposure of encryption credentials via JavaScript console or similar errors. Multiple sources (NVD, Red Hat, ENISA EUVD, CIRCL, CVE List, AttackersKB, CVE records) describe the same issue w...

CVSS 7.5 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2026/04/02 8:16 p.m. | 1 views

CVE-2026-5420

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVSS 2.5 | EPSS 0.00014
Exploits: 0 | References: 4
Metasploit
added 2026/04/02 7:2 p.m. | 180 views

HTTPS Fetch, Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/shell/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show...

AI score 5.9
Exploits: 0
Metasploit
added 2026/04/02 7:2 p.m. | 183 views

HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...

AI score 5.9
Exploits: 0
Metasploit
added 2026/04/02 7:2 p.m. | 133 views

HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf...

AI score 5.9
Exploits: 0
Metasploit
added 2026/04/02 7:2 p.m. | 146 views

HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION...

AI score 5.9
Exploits: 0
Metasploit
added 2026/04/02 7:2 p.m. | 175 views

HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options... m...

AI score 5.9
Exploits: 0
Metasploit
added 2026/04/02 7:2 p.m. | 176 views

HTTPS Fetch, Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/upexec/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4...

AI score 5.9
Exploits: 0
Metasploit
added 2026/04/02 7:2 p.m. | 91 views

HTTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Module Options msf use payload/cmd/windows/http/x86/meterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...

AI score 5.9
Exploits: 0
Metasploit
added 2026/04/02 7:2 p.m. | 105 views

HTTP Fetch, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/upexec/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION ms...

AI score 6
Exploits: 0