CVE-2026-40975

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

EUVD-2022-25027

Malicious code in bioql PyPI...

EUVD-2021-30327

Malicious code in bioql PyPI...

PT-2025-30401

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...

Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks

A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...

CVE-2022-1746

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and...

Authentication flaw

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and...

CVE-2022-1746

CVE-2022-1746 concerns Dominion Voting Systems ImageCast X. The vulnerability is an authentication/privilege assignment flaw in the poll-worker authentication mechanism that could expose cryptographic secrets protecting election information. An attacker could leverage this to access sensitive dat...

CVE-2022-1746 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and...

CVE-2022-1746 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and...

PT-2022-3264

Name of the Vulnerable Software and Affected Versions Dominion Voting Systems ImageCast X affected versions not specified Description The issue is related to the authentication mechanism used by administrators of the ImageCast X device, which is associated with errors in privilege assignment. Thi...

CVE-2021-43392

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...

Code injection

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...

CVE-2021-43392

CVE-2021-43392 affects STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN, exposing information about cryptographic secrets via the ECDSA signature algorithm on the Java Card 3.0.4 API. The issue is exploitable for STSAFE-J in closed configurations and for J-SIGN when signature verifica...

CVE-2021-43392

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...

STMicroelectronics STSAFE-J 数据伪造问题漏洞

The STMicroelectronics STSAFE-J is a highly secure solution from STMicroelectronics Switzerland. It acts as a security element by providing authentication, data management and encryption services to local or remote hosts. Security vulnerabilities exist in the STMicroelectronics STSAFE-J that coul...

Cloning Google Titan 2FA keys

This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware and software that take...

Nintendo: Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets

The vulnerability in TSEC Heavy Secure allowed for arbitrary code execution. A return-oriented programming vulnerability was discovered in the TSEC Secure ROM. Cryptographic secrets derived from TSEC were recovered...

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...