CVE-2026-5457

A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...

CVE-2025-59095 Hard-coded Key for PIN Encryption in dormakaba Kaba exos 9300

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

CVE-2019-2056

There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-14087928...

CVE-2025-64096 CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

CVE-2025-64096

CryptoLib (NASA open source SDLS-EP implementation) before version 1.4.2 is affected by a stack-based buffer overflow in Crypto_Key_update() (crypto_key_mgmt.c). An attacker-controlled TLV length field (pdu_len) can drive the calculation of the number of keys beyond the static kblk[98] array, cau...

CVE-2025-64096 CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

CVE-2025-64096 CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

PT-2025-44438

Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.2 Description CryptoLib utilizes the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A...

CryptoLib 安全漏洞

CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib versions prior to 1.4.2, which stems from a lack of bounds checking in the CryptoKeyupdate function, and coul...

EUVD-2019-11698

Malware in sbrugna...

EUVD-2022-48297

Malicious code in bioql PyPI...

EUVD-2022-48296

Malicious code in bioql PyPI...

CVE-2022-45424

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface...

CVE-2022-45425

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38314 DESCRIPTION: IBM Maximo Application Suite - Monitor Component could...

SUSE CVE-2021-47186

In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipccryptokeyxmit as can be seen in the trace 1. 1...

BIT-NODE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

Important: java-1.8.0-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Important: java-17-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

AZL-33888 CVE-2024-0641 affecting package kernel for versions less than 5.15.148.1-1

A denial of service vulnerability was found in tipccryptokeyrevoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system...