CVE-2025-8307

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

CVE-2025-8307

Summary (CVE-2025-8307 / 8306) : Asseco InfoMedica Infomedica Plus stores user passwords in an encoded form. A low-privilege user can obtain encoded passwords due to insufficient access control, enabling potential credential exposure. The CVE-2025-8306 (Improper Access Control) and CVE-2025-8307 ...

CVE-2025-8307 Recoverable passwords in Asseco Infomedica Plus

Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm...

PT-2026-1959

Name of the Vulnerable Software and Affected Versions Asseco InfoMedica versions prior to 4.50.1 Asseco InfoMedica versions prior to 5.38.0 Description Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...

Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters

Challenge Jobs targeting an S3-Compatible repository fail with either of the following errors: Error: S3 error: Content-MD5 HTTP header is required for Put Object requests with Object Lock parameters Code: InvalidRequest Agent failed to process method S3 error: Checksum Type mismatch occurred,...

CVE-2019-16143

An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2026-1014)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : crypto: afalg - Disallow concurrent writes in afalgsendmsgCVE-2025-39964 posix-cpu-timers: fix race between handleposixcputimers and...

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview bthome-ble is a BThome BLE support Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' due to insufficient enforcement of encryption requirements in the parsebthomev1 and parsebthomev2 functions in...

Exploit for CVE-2025-14175

🔐 CVE-2025-14175 Weak Algorithm Support in SSH Server – T...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993155)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993155 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq conte...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992292)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992292 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq conte...

CVE-2025-14175 Weak Algorithm Support in SSH Server on TL-WR820N

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality...

CVE-2025-14175 Weak Algorithm Support in SSH Server on TL-WR820N

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality...

American Fuzzy Lop plus plus 4.35c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

Optimizing Epsilon Security Parameters in QKD

We investigate the optimization of epsilon-security parameters in quantum key distribution QKD, aiming to improve the achievable secure key rate under a fixed overall composable security level. For this purpose, we employ a continuous genetic algorithm CGA to optimize the epsilon-security...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

Use of a Broken or Risky Cryptographic Algorithm

Overview Amazon.Extensions.S3.Encryption is an easy-to-use Amazon S3 encryption client that allows you to secure your sensitive data before you send it to Amazon S3. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic k...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...