229 matches found
EUVD-2025-20494
Malicious code in bioql PyPI...
EUVD-2024-19587
Malicious code in bioql PyPI...
CVE-2025-55049
CVE-2025-55049: Use of a default cryptographic key (CWE-1394) with a root cause of hard-coded/public key in affected components. Concrete detail in sources identifies Baicells NEUTRINO430 LTE base stations as affected; other entries confirm the vulnerability name. Exploitation status is not provi...
CVE-2025-9604
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key. It is possible ...
Medium: cni-plugins
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
Linux Distros Unpatched Vulnerability : CVE-2024-45159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided...
Linux Distros Unpatched Vulnerability : CVE-2025-22874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains whic...
Medium: ecs-init
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
dirty_sock
dirty_sock: Linux Privilege Escalation via snapd. In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and education. F...
Siemens SICAM TOOLBOX II Trust Management Issue Vulnerability
Siemens SICAM TOOLBOX II is an engineering software from Siemens, Germany. A trust management issue vulnerability exists in Siemens SICAM TOOLBOX II that stems from a failure to check the extended key usage attribute of a device certificate, which could be exploited by an attacker to cause a...
Usage of ExtKeyUsageAny disables policy validation in crypto/x509
...
Medium: runc
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
CVE-2025-21422 Cryptographic Issues in Automotive
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...
CVE-2025-21422
CVE-2025-21422 describes a cryptographic issue in Qualcomm chipsets where processing crypto API calls lacks certain checks, potentially leading to corrupted key usage or IV reuse. Connected sources tie this to Qualcomm Chipsets/Snapdragon families and classify the impact as high. Public exploit d...
CVE-2025-21422 Cryptographic Issues in Automotive
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...
CVE-2024-31853
A vulnerability has been identified in SICAM TOOLBOX II All versions V07.11. During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to...
CVE-2024-31853
A vulnerability has been identified in SICAM TOOLBOX II All versions V07.11. During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to...
Siemens SICAM TOOLBOX II Trust Management Issue Vulnerability
Siemens SICAM TOOLBOX II is an engineering software from Siemens, Germany. A trust management issue vulnerability exists in Siemens SICAM TOOLBOX II that stems from a failure to check the extended key usage attribute of a device certificate, which could be exploited by an attacker to cause a...
Qualcomm Chipsets Cryptographic Issue Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A cryptographic issue vulnerability exists in Qualcomm Chipsets that stems from an encryption issue when handling cryptographic API calls, which could lead to corrupted key usage or IV reuse...
CVE-2022-50091 locking/csd_lock: Change csdlock_debug from early_param to __setup
In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup. The csdlock_debug kernel-boot parameter is parsed by the early_param function csdlock_debug. If set, csdlock_debug invokes static_branch_enable to enable csd_lock_wait feature...