CVE-2023-4489

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access...

CVE-2023-36199

An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component...

CVE-2022-40306

The login form /Login in ECi Printanista Hub formerly FMAudit Printscout before 5.5.2 July 2023 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service DoS by requesting that form repeatedly...

CVE-2022-34746

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring...

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used...

CVE-2021-29245

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...

CVE-2021-27891

SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected...

CVE-2021-30339

Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

CVE-2018-9426

In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin...

Alibaba Cloud Linux 3 : 0043: tang (ALINUX3-SA-2024:0043)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0043 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-1672: A race condition exists in the Tang...

CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-3853

CVE-2025-3853 affects WPshop 2 – E-Commerce for WordPress (versions 2.0.0–2.6.0). The vulnerability is an Insecure Direct Object Reference in the callback_generate_api_key() function due to missing validation on a user-controlled key. Exploitation requires authenticated access at Subscriber level...

PT-2025-19909 · WordPress · Wpshop 2

Name of the Vulnerable Software and Affected Versions: WPshop 2 – E-Commerce plugin for WordPress versions 2.0.0 through 2.6.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to create valid API keys on behalf of other users due to missing validation o...

AESHA3: Efficient and Secure Sub-Key Generation for AES Using SHA-3

Advanced Encryption Standard AES is one of the most widely used symmetric cipher for the confidentiality of data. Also it is used for other security services, viz. integrity, authentication and key establishment. However, recently, authors have shown some weakness in the generation of sub-keys in...

Complexity of Post-Quantum Cryptography in Embedded Systems and Its Optimization Strategies

With the rapid advancements in quantum computing, traditional cryptographic schemes like Rivest-Shamir-Adleman RSA and elliptic curve cryptography ECC are becoming vulnerable, necessitating the development of quantum-resistant algorithms. The National Institute of Standards and Technology NIST ha...

Vulnerability fixed in Gladinet CentreStack

Gladinet has fixed a vulnerability in CentreStack Versions up to 16.1.10296.56315. The vulnerability is in the way hard-coded machineKeys and cryptographic keys are used, resulting in a serious deserialization vulnerability. The vulnerability allows a malicious party to generate rogue ViewState...

USN-7346-3 opensc vulnerabilities

USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression which broke smartcard based authentication. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC did not correctly handle certain memory operations...

CVE-2024-43065

Cryptographic issues while generating an asymmetric key pair for RKP use cases...