CVE-2026-50226

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

EUVD-2026-34231

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

CVE-2026-8881 CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

EUVD-2026-34166

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

CVE-2026-8881

The CVE-2026-8881 entry affects the Securly Chrome Extension (version 3.0.7). It relies on EVP_BytesToKey with MD5 and a single iteration for AES encryption. The description notes that MD5 has been broken since 2004 and a single iteration provides no key stretching, which weakens the cryptographi...

PT-2026-46052

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses the EVP BytesToKey key derivation function with MD5 and a single iteration for AES encryption. MD5 is a cryptographic hash function that is no longer secure, and the use of a...

MAL-2026-4599 Malicious code in license-checker-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66ac93280c5fc72f65d15486a69369e4d2c2b289fa6f062a6643b63137fc6aa9 Package name mimics the widely-used license-checker while shipping an undocumented lib/compliance.js module that harvests credentials. The module sca...

MAL-2026-4578 Malicious code in hiura-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ebb60061f29d4f4279bca1129ebfccefb928bd22364f26961205935ff71393f This is a fork of the Baileys WhatsApp library that adds undocumented behavior abusing the consumer's authenticated WhatsApp account for the author's...

Taking Cryptography out of the Data Path Via Near-Memory Processing in DRAM

Cryptographic algorithms such as AES-128 and SHA-256 are fundamental to ensuring data security and integrity. Although these algorithms are computationally efficient, their performance is often constrained by the processor-centric architectures e.g., CPUs, GPUs, primarily due to the memory...

CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

Exploit for CVE-2026-21847

CVE-2026-21847: Hardcoded AES Encryption Key in DPDC Customer...

Flowise: Weak Default Token Hash Secret

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/utils/tempTokenUtils.ts:31-34 | | Practical Exploitability | Medium | | Developer Approver | [email protected] | Description The encryption key for token encryption has a weak...

CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

[SECURITY] Fedora 42 Update: php-phpseclib3-3.0.50-1.fc42

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs

A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys...

CVE-2026-26334

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

Reference-Free Spectral Analysis of EM Side-Channels for Always-On Hardware Trojan Detection

Always-on hardware Trojans HTs pose a critical risk to trusted microelectronics, yet most side-channel detection methods rely on unavailable golden references. We present a reference-free approach that combines time-frequency EM analysis with Gaussian Mixture Models GMMs. By applying Short-Time...

CVE-2022-35860

Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions...