CVE-2025-69286
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
Post-Quantum Cryptography Key Expansion Method and Anonymous Certificate Scheme Based on NTRU
NTRU is one of the important lattice-based post-quantum cryptography methods, offering resistance against quantum computing attacks. However, a drawback of NTRU lies in its relatively low efficiency in generating key pairs. Therefore, this study proposes an NTRU-based key expansion method that...
CVE-2025-69286
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
PT-2025-54469
Name of the Vulnerable Software and Affected Versions: RAGFlow versions prior to 0.22.0. Description: RAGFlow is a Retrieval-Augmented Generation engine. Versions prior to 0.22.0 utilize an insecure key generation algorithm when creating API keys and beta tokens (assistant/agent share auth). This allo...
RAGFlow Security Vulnerability
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow versions prior to 0.22.0 that stems from the use of insecure key generation algorithms during API key and beta token generation, which could lead to...
Cryptanalysis of Pseudorandom Error-Correcting Codes
Pseudorandom error-correcting codes (PRC) is a novel cryptographic primitive proposed at CRYPTO 2024. Due to the dual capability of pseudorandomness and error correction, PRC has been recognized as a promising foundational component for watermarking AI-generated content. However, the security of PR...
EUVD-2024-55350
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
CVE-2024-58311
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
CVE-2024-58311
Dormakaba Saflok System 6000 is affected by CVE-2024-58311 due to a predictable key generation algorithm that lets an attacker derive card access keys from a 32-bit card identifier. The underlying issue is a deterministic key derivation process, enabling key computation without requiring addition...
CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
Dormakaba Saflok System Security Vulnerability
Dormakaba Saflok System is a hotel access control and security management system from Dormakaba USA. A security vulnerability exists in Dormakaba Saflok System 6000 that stems from a predictable key generation algorithm that could lead to the derivation of card access keys...
PT-2025-50973
Name of the Vulnerable Software and Affected Versions: Dormakaba Saflok System 6000 (affected versions not specified). Description: The Dormakaba Saflok System 6000 uses a key generation algorithm that is predictable. This allows attackers to calculate card access keys from a 32-bit unique identifier...
SUSE CVE-2023-53792
In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix memory leak in dhchap_ctrl_secret. Free dhchap_secret in nvme_ctrl_dhchap_ctrl_secret_store before we return when nvme_auth_generate_key returns error...
EUVD-2023-60114
In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix memory leak in dhchap_ctrl_secret. Free dhchap_secret in nvme_ctrl_dhchap_ctrl_secret_store before we return when nvme_auth_generate_key returns error...
DEBIAN-CVE-2023-53792
In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix memory leak in dhchap_ctrl_secret. Free dhchap_secret in nvme_ctrl_dhchap_ctrl_secret_store before we return when nvme_auth_generate_key returns error...
CVE-2023-53792 nvme-core: fix memory leak in dhchap_ctrl_secret
In the Linux kernel, the following vulnerability has been resolved: nvme-core: fix memory leak in dhchap_ctrl_secret. Free dhchap_secret in nvme_ctrl_dhchap_ctrl_secret_store before we return when nvme_auth_generate_key returns error...
CVE-2025-13470
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
JLSEC-2025-232 Side channel in RSA key generation and operations (SSBleed, M-Step)
Vulnerability: Mbed TLS's modular inversion routine and GCD routine are vulnerable to local timing attacks in a number of settings discussed below. These functions are used in RSA, making the following operations vulnerable in all configurations: - RSA key generation with any API mbedtls_rsa_gen_key...