📄 WordPress WPvivid 0.9.123 Arbitrary File Write

This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...

EUVD-2017-9053

Malware in sbrugna...

EUVD-2017-17809

Malware in sbrugna...

EUVD-2025-6389

Malicious code in bioql PyPI...

EUVD-2025-14904

Malicious code in bioql PyPI...

The vulnerability of the AES-128-CCM encryption algorithm in the operating system PAN-OS of network interfaces from Palo Alto Networks, including models PA-7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400, allows attackers to disclose confidential information.

The vulnerability of the AES-128-CCM encryption algorithm in the networking interfaces of the PAN-OS operating system of Palo Alto Networks’ devices such as PA-7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400 relates to the transmission of confidential information in plaintext. Exploiting th...

CVE-2025-0136

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136

CVE-2025-0136 affects PAN-OS on Intel-based Palo Alto Networks firewalls (PA-7500, PA-5400/5400f, PA-3400, PA-1600, PA-1400, PA-400). The issue arises from using AES-128-CCM for IPSec, which leads to unencrypted data transfer between devices connected to the PAN-OS firewall through IPSec. Affecte...

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h14 / 10.2.x < 10.2.11 / 11.0.x < 11.0.7 / 11.1.x < 11.1.5 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h14, 10.2.x prior to 10.2.11, 11.0.x prior to 11.0.7, or 11.1.x prior to 11.1.5. It is, therefore, affected by a vulnerability. Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks...

CVE-2025-2229

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

CVE-2025-2229

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

Implementing Cryptography in AI Systems

Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks DNNs raises the question of how can we equip them with a desired cryptographic functionality e.g, to decrypt an encrypted input, to verify that this input is...

CVE-2024-53185

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

CVE-2024-53185 smb: client: fix NULL ptr deref in crypto_aead_setkey()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

CVE-2024-53185

CVE-2024-53185 : In the Linux kernel, the SMB client could dereference a NULL pointer in crypto_aead_setkey() when negotiating encryption over SMB2/SMB3, due to @server-&gt;cipher_type not being set for SMB3.02. The fix adds a check to smb3_crypto_aead_allocate() and ensures cipher_type is set fo...