38600 matches found
CVE-2025-69272
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 21.2.1 and earlier...
CVE-2025-68931
Jervis (net.gleske:jervis) before version 2.2 uses AES/CBC/PKCS5Padding without authentication, making it susceptible to padding oracle attacks and ciphertext manipulation. The issue is fixed in Jervis 2.2 by migrating to AES/GCM/NoPadding. Affected products: Jervis library for Job DSL plugin scr...
Jervis Has Weak Random for Timing Attack Mitigation
Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L593-L594 uses java.util.Random, which is not cryptographically secure. Impact: If an attacker can predict the random delays, they may still be...
Insecure Randomness
Overview: net.gleske:jervis provides self-service Jenkins job generation using Jenkins Job DSL plugin Groovy scripts. It reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Insecure Randomness via the SecurityIO function. An attacker can predict random...
GHSA-36H5-VRQ6-PP34 Jervis's Salt for PBKDF2 derived from password
Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L869-L870...
Jervis Security Feature Issue Vulnerability
Jervis is an automation tool by individual developer Sam Gleske. Versions prior to Jervis 2.2 contain a security feature vulnerability that stems from the use of the non-cryptographically secure java.util.Random, which may not be effective in mitigating timing attacks...
PT-2026-2557
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...
CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...
Cybersecurity in the Public Sector: Challenges, Strategies and Best Practices
Public sector cybersecurity faces outdated systems, budget gaps, and rising attacks. Learn key challenges, defense strategies, and proven best practices...
ethical-hacking-excersises
Exploitation Techniques – Course Exercises Repository Over...
CLSA-2026-1768211704 unbound: Fix of 2 CVEs
- CVE-2023-50387: evaluate DNSSEC responses to prevent KeyTrap denial of service issue
- CVE-2023-50868: fix Closest Encloser Proof aspect to prevent CPU consumption for SHA-1 computations in random subdomain attacks...
CVE-2025-69271
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier...
CVE-2025-69272 Spectrum password returned in clear
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 21.2.1 and earlier...
CVE-2025-69272
CVE-2025-69272: Cleartext Transmission of Sensitive Information in Broadcom DX NetOps Spectrum on Windows and Linux. Affects Spectrum versions 21.2.1 and earlier; enables sniffing attacks due to unencrypted transmission of sensitive data. Connected sources corroborate affected products/versions ...
CVE-2025-69271 Spectrum basic authentication in use
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX NetOps Spectrum: 24.3.13 and earlier...
DDSN Interactive Acora CMS Security Vulnerability
DDSN Interactive Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive Acora CMS version v10.7.1, which stems from the use of static tokens for the password reset feature, which could lead to account takeover via replay attacks...
PT-2026-2277
Name of the Vulnerable Software and Affected Versions: DDSN Interactive Acora CMS version 10.7.1. Description: A static password reset token used in the password reset function allows attackers to reset user passwords and take over accounts through replay attacks. The vulnerable function is the...
D3D ZX-G12 Security Vulnerability
D3D ZX-G12 is a multi-functional smart home security alarm system from D3D India. A security vulnerability exists in D3D ZX-G12 v2.1.1, which stems from the lack of rolling code and anti-replay protection in the 433 MHz sensor communication channel, which could lead to a replay attack triggering ...