electerm's encrypt method not safe enough
Impact: insecure sync encryption (deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC) leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...
PT-2025-45385
Name of the Vulnerable Software and Affected Versions: ThinkDashboard versions prior to 0.6.8. Description: ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. A stored Cross-Site Scripting (XSS) issue exists in the dashboard for versions 0.6.7 and below due to a...
Linux Distros Unpatched Vulnerability : CVE-2018-7889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a craft...
MISP Security Vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as cybersecurity threat event analysis and malware analysis. A security vulnerability exists in MISP version 2.4.196 and earlier...
SUSE CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...