RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle

Impact RSACrypt::decryptWithRSA15 used by the RSA15 key-encryption algorithm implements RSAES-PKCS1-v15 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure required ...

CVE-2026-49000

Technical details (affected products, components, versions, exploit info) are not publicly available in the provided documents. Monitor for updates from NVD, the CVE List, and vendors.

CVE-2026-49000 Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

CVE-2026-49000 Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

Astra Linux - уязвимость в wpa

In Hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker who has successfully bootstrapped public keys with another entity using PKEX in the past will be able to subvert future bootstrapping attempts by passively observing the public keys. By...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007

Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-26007...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the OpenID Connect authentication. An attacker can impersonate any user and obtain unauthorized S3 credentials with any policy, including administrative privileges, by forging identity...

CVE-2025-14505

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

EUVD-2025-204349

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation...

CVE-2025-43723

CVE-2025-43723 affects Dell PowerScale OneFS. The issue is a use of a broken or risky cryptographic algorithm in PowerScale OneFS, allowing an unauthenticated remote attacker to potentially cause information disclosure. Affected versions are PowerScale OneFS prior to 9.10.1.3 and 9.11.0.0 through...

EUVD-2018-0030

Malware in sbrugna...

EUVD-2022-5096

Malicious code in bioql PyPI...

EUVD-2025-27250

Malicious code in bioql PyPI...

EUVD-2024-0496

Malicious code in bioql PyPI...

CVE-2025-7970

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise...

Rockwell FactoryTalk Activation Manager 5.x < 5.02 Information Disclosure

The version of Rockwell FactoryTalk Activation Manager installed on the remote Windows host is 5.x prior to 5.02. It is, therefore, affected by an information disclosure vulnerability. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. Thi...

CVE-2025-7970

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise...

CVE-2025-7970 Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise...

CVE-2025-7970 Rockwell Automation FactoryTalk Activation Manager Lack of Encryption Vulnerability

A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise...

Linux Distros Unpatched Vulnerability : CVE-2019-19962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography. CVE-2019-19962 Note that Nessus relies on the...