Lucene search
K

341 matches found

Fedora
Fedora
added 2026/07/04 1:7 a.m.12 views

[SECURITY] Fedora 43 Update: 7zip-26.02-1.fc43

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

6AI score
Exploits0
Fedora
Fedora
added 2026/07/03 12:56 a.m.12 views

[SECURITY] Fedora 44 Update: 7zip-26.02-1.fc44

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52886

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description The OAuth2 HTTP filter uses AES-256-CBC in its encrypt and decrypt functions without an authentication tag...

6.8CVSS5.9AI score0.00219EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51910

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the cryptographic coprocessor CCP driver. When processing AF ALG rfc3686-ctr-aes-ccp requests, the ccp aes complete function restores more data than the allocated buffer...

9.8CVSS6AI score0.0049EPSS
Exploits0References400
Fedora
Fedora
added 2026/06/16 1:11 a.m.11 views

[SECURITY] Fedora 43 Update: 7zip-26.01-1.fc43

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

8.8CVSS5.3AI score0.00938EPSS
Exploits8
OSV
OSV
added 2026/06/13 9:38 p.m.26 views

MAL-2026-5753 Malicious code in @gbrlxvi/ts-form-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e77262ebb59497687fabfba394959da9ce6afbaf436aa5fcf654b2c8a44a32 Package advertises trivial form-validation helpers notEmpty/isEmail/isPhone/maxLen/minLen but on require/import of the main module performs an...

5.9AI score
Exploits0References14
OSV
OSV
added 2026/06/13 7:7 a.m.13 views

MAL-2026-5730 Malicious code in class-synth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271 class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...

5.4AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:23 a.m.14 views

Malicious code in datetime-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dc38777296d43cff21c9e56d16208c8925c6dc25b5dec4227823da94096433d The package presents itself as a lightweight datetime utility but its main entry datetime.js invokes collect from ./index.js at top level, so any...

5.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-50226

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

6.9CVSS5.6AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:34 a.m.10 views

EUVD-2026-34231

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

6.9CVSS5.9AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 7:16 p.m.12 views

CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

7.5CVSS0.00163EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 6:13 p.m.16 views

CVE-2026-8881

The CVE-2026-8881 entry affects the Securly Chrome Extension (version 3.0.7). It relies on EVP_BytesToKey with MD5 and a single iteration for AES encryption. The description notes that MD5 has been broken since 2004 and a single iteration provides no key stretching, which weakens the cryptographi...

7.5CVSS5.7AI score0.00163EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/03 6:13 p.m.36 views

CVE-2026-8881 CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

0.00163EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:13 p.m.14 views

EUVD-2026-34166

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

5.7AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46052

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses the EVP BytesToKey key derivation function with MD5 and a single iteration for AES encryption. MD5 is a cryptographic hash function that is no longer secure, and the use of a...

5.8AI score0.00163EPSS
Exploits0References3
OSV
OSV
added 2026/05/24 2:47 a.m.10 views

MAL-2026-4599 Malicious code in license-checker-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66ac93280c5fc72f65d15486a69369e4d2c2b289fa6f062a6643b63137fc6aa9 Package name mimics the widely-used license-checker while shipping an undocumented lib/compliance.js module that harvests credentials. The module sca...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/23 3:34 p.m.10 views

MAL-2026-4578 Malicious code in hiura-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...

5.8AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.14 views

Taking Cryptography out of the Data Path Via Near-Memory Processing in DRAM

Cryptographic algorithms such as AES-128 and SHA-256 are fundamental to ensuring data security and integrity. Although these algorithms are computationally efficient, their performance is often constrained by the processor-centric architectures e.g., CPUs, GPUs, primarily due to the memory...

5.8AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/11 6:16 p.m.12 views

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

9.3CVSS6AI score0.0055EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/25 11:39 a.m.145 views

Exploit for CVE-2026-21847

CVE-2026-21847: Hardcoded AES Encryption Key in DPDC Customer...

5.7AI score
Exploits1
Rows per page
Query Builder