8989 matches found
AnythingLLM - Username Enumeration via Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
PSW Front-end Login & Registration 1.13 - Weak Password Recovery
PSW Front-end Login & Registration plugin for WordPress contains a weak password recovery mechanism that can be exploited by unauthenticated attackers. This vulnerability affects versions through 1.13 and allows attackers to potentially gain unauthorized access. id: CVE-2025-47646 info: name: PSW...
How to Recover Data from iCloud Backup Without Resetting Your iPhone
Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way...
CVE-2026-45614
A flaw was found in OP-TEE Trusted Execution Environment. This vulnerability allows a local attacker to reconstruct the private key by providing approximately 30-40 specially crafted public keys during the Elliptic Curve Diffie-Hellman ECDH shared secret generation. The system fails to verify if...
CVE-2026-36609
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...
CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...
CVE-2026-45614
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...
CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...
CVE-2026-45614
OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...
CVE-2022-49036
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...
CVE-2022-49036
Synology Active Backup for Business Recovery Media Creator (before version 2.5.0-2081) is affected by an OpenSSL configuration vulnerability described as an inclusion of functionality from untrusted control sphere, enabling local users to execute arbitrary code via unspecified vectors. Affected c...
EUVD-2022-55998
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...
CVE-2022-49036
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...
CVE-2022-49036
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...
CVE-2022-49036
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...
CVE-2026-36609
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...
CVE-2026-36609
Mercusys AC12G (EU) V1 router affected. The vulnerability stems from a static authentication nonce that does not change between requests from the same source IP, compounded by a predictable XOR-based password encoding (securityEncode). This combination enables an attacker who captures authenticat...
PT-2026-45927
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...
PT-2026-45997
Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authenticati...
CVE-2026-36609
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...