Lucene search
+L

233 matches found

EUVD
EUVD
added 2026/01/13 7:17 p.m.5 views

EUVD-2026-2022

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

8.7CVSS6.3AI score0.00172EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Jervis 加密问题漏洞

Jervis is an automation tool from the personal developer Sam Gleske. Versions of Jervis prior to 2.2 suffer from a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padded predicate attacks and ciphertext manipulati...

8.7CVSS5.8AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2025/12/14 5:16 a.m.4 views

UBUNTU-CVE-2025-67897

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

5.3CVSS5.8AI score0.00302EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.7 views

PT-2025-51146

Name of the Vulnerable Software and Affected Versions Sequoia versions prior to 2.1.0 Description A flaw exists in Sequoia that, when provided with a short ciphertext during the aes key unwrap process, causes a panic. An attacker can exploit this to cause an application crash by sending a special...

5.3CVSS6.4AI score0.00302EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.6 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7AI score0.0022EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 4:33 a.m.6 views

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

7.5CVSS6.6AI score0.0022EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/12 3:30 p.m.14 views

Apache StreamPark uses a Weak Encryption Algorithm

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7.1AI score0.0022EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/12/12 3:15 p.m.9 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS0.0022EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 3:10 p.m.5 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS6AI score0.0022EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.12 views

PT-2025-50981

Name of the Vulnerable Software and Affected Versions Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791 Description Gladinet CentreStack and Triofox utilize hardcoded values in their AES cryptoscheme implementation. This weakens security, particularly for publicly exposed...

9.8CVSS6.7AI score0.50949EPSS
Exploits3References28
OSV
OSV
added 2025/11/24 3:30 p.m.3 views

GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

7.5CVSS6.7AI score0.00448EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.12 views

PT-2025-47918

Name of the Vulnerable Software and Affected Versions Apache Syncope versions prior to 3.0.15 Apache Syncope versions prior to 4.0.3 Description Apache Syncope, when configured to use AES encryption for storing user passwords in its internal database, utilizes a hard-coded default key. This allow...

7.5CVSS6.7AI score0.00448EPSS
Exploits0References23
Packet Storm News
Packet Storm News
added 2025/11/17 12:0 a.m.8 views

A Fuzzy Logic-Based Cryptographic Framework for Real-Time Dynamic Key Generation for Enhanced Data Encryption

With the ever-growing demand for cybersecurity, static key encryption mechanisms are increasingly vulnerable to adversarial attacks due to their deterministic and non-adaptive nature. Brute-force attacks, key compromise, and unauthorized access have become highly common cyber threats. This resear...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2019-12904)

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...

5.9CVSS6.7AI score0.02063EPSS
Exploits0References4
RustSec
RustSec
added 2025/11/07 12:0 p.m.5 views

Underflow in aes_key_unwrap function

The aeskeyunwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...

5.3CVSS6.9AI score0.00302EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/10/31 9:30 a.m.3 views

GHSA-97W9-V595-3H5Q cryptidy allows code execution via untrusted data due to pickle.loads

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

6.9CVSS6.3AI score0.00228EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/31 12:0 a.m.11 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

6.9CVSS0.00228EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/10/26 12:0 a.m.6 views

RejSCore: Rejection Sampling Core for Multivariate-Based Public Key Cryptography

Post-quantum multivariate public key cryptography MPKC schemes resist quantum threats but require heavy operations, such as rejection sampling, which challenge resource-limited devices. Prior hardware designs have addressed various aspects of MPKC signature generation. However, rejection sampling...

6.8AI score
Exploits0
OSV
OSV
added 2025/10/24 11:15 p.m.5 views

UBUNTU-CVE-2025-12194

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...

5.9CVSS5.8AI score0.00142EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/22 10:19 p.m.20 views

EUVD-2025-35634

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

2.6CVSS6.2AI score0.00182EPSS
Exploits0References2
Rows per page
Query Builder