5309 matches found
CVE-2024-7407 Weak password encoding in Streamsoft Prestiż
Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how passwords are...
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The...
CVE-2024-8314
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Session vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...
IBM SPSS Statistics Encryption Problem Vulnerability
IBM SPSS Statistics is a software package from International Business Machines (IBM), Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...
The vulnerability of the hnae3_unregister_ae_algo_prepare() function in the drivers/net/ethernet/hisilicon/hns3/hnae3.c module of the Linux kernel allows a malicious actor to cause a service failure.
The vulnerability of the hnae3_unregister_ae_algo_prepare() function in the drivers/net/ethernet/hisilicon/hns3/hnae3.c module of the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2024-8314 Improper session handling in B&R APROL
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Session vulnerability in the session handling used in B&R APROL 4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login credentials...
CVE-2024-8314
CVE-2024-8314 affects B&R APROL
CVE-2021-25635
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
UBUNTU-CVE-2021-25635
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
CVE-2021-25635 Content Manipulation with Certificate Validation Attack
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
Qt Security Vulnerability
Qt is a cross-platform application development framework from the Qt open source project. A security vulnerability exists in versions prior to Qt 6.8.0, which stems from the encodeText function in QDom involving a complex XML string copy and replace algorithm...
GHSA-MG83-C7GQ-RV5C Spring Security Does Not Enforce Password Length
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...
CVE-2025-26486
CVE-2025-26486 affects Beta80 Life 1st Identity Manager (Life 1st) up to version 1.5.2.14234. The issue arises from broken or risky cryptographic algorithms, passwords hashed with insufficient computational effort, weak hashes, and use of a one‑way hash with a predictable salt. An attacker with a...
CVE-2025-26486
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...
brotli bug fix and enhancement update
An update is available for brotli. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Brotli is a generic-purpose lossless compression algorithm that compresses dat...
CVE-2025-27595
The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device...
CVE-2025-27595
CVE-2025-27595 concerns SICK DL100-2xxxxxxx devices where a weak password hash algorithm is used. The vulnerability allows an attacker to derive a matching password due to the weak hashing, impacting confidentiality, integrity, and availability. The CVSS 3.1 score is 9.8 (Network attack, no user ...