1115 matches found
EUVD-2023-43242
Malicious code in bioql PyPI...
EUVD-2023-41296
Malicious code in bioql PyPI...
From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience
Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company's encryption...
CVE-2025-9239
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STRPARAM with the input Passw0rd...
CVE-2025-9239 elunez eladmin DES Key EncryptUtils.java EncryptUtils inadequate encryption
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STRPARAM with the input Passw0rd...
DELL CloudLink XML External Entity References Improperly Restricted Vulnerability
DELL CloudLink is a data encryption and key management solution from Dell that is targeted at enterprise-level users and supports public, private and hybrid cloud environments. DELL CloudLink suffers from an improperly restricted XML external entity reference vulnerability that can be exploited b...
PT-2025-34143 · Elunez · Elunez Eladmin
Name of the Vulnerable Software and Affected Versions: elunez eladmin versions prior to 2.8 Description: A vulnerability exists in the EncryptUtils function within the DES Key Handler component of elunez eladmin. Manipulation of the STR PARAM argument with the input Passw0rd results in inadequate...
CVE-2025-33100
IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2025-33100
CVE-2025-33100 concerns IBM Concert Software versions 1.0.0–1.1.0 that allegedly contain hard-coded credentials used for inbound authentication, outbound communication, or data encryption. The core issue is a trust/credential hard-coding flaw, which could enable unauthorized access or leakage of ...
Prescriptive Zero Trust - Assessing the Impact of Zero Trust on Cyber Attack Prevention
Increasingly sophisticated and varied cyber threats necessitate ever improving enterprise security postures. For many organizations today, those postures have a foundation in the Zero Trust Architecture. This strategy sees trust as something an enterprise must not give lightly or assume too...
Cyber Risks to Next-Gen Brain-Computer Interfaces: Analysis and Recommendations
Brain-computer interfaces (BCIs) show enormous potential for advancing personalized medicine. However, BCIs also introduce new avenues for cyber-attacks or security compromises. In this article, we analyze the problem and make recommendations for device manufacturers to better secure devices and to...
Dell CloudLink Code Issue Vulnerability
DELL CloudLink is a data encryption and key management solution from Dell that is targeted at enterprise-level users and supports public, private and hybrid cloud environments. DELL CloudLink suffers from an improperly restricted XML external entity reference vulnerability that can be exploited b...
Broadcom Symantec PGP Encryption Security Vulnerability
Broadcom Symantec PGP Encryption is a data encryption software from Broadcom, Inc. A security vulnerability exists in Broadcom Symantec PGP Encryption that originates from the server not properly validating or encoding user input data, which could lead to a stored cross-site scripting attack...
Broadcom Symantec PGP Encryption Security Vulnerability
Broadcom Symantec PGP Encryption is a data encryption software from Broadcom Corporation USA. A security vulnerability exists in Broadcom Symantec PGP Encryption that stems from an improper assignment of privileges, which could result in elevated privileges...
CVE-2025-40680
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...
CVE-2025-40680 Encryption of sensitive data in CapillaryScope missing
Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract the...
PT-2025-30662 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: CapillaryScope version 2.5.0 Description: The software lacks sensitive data encryption, storing proxy credentials and the JWT session token in plain text within Windows registry keys. Any authenticated local user with read access to the...
PT-2025-30495 · Duracomm · Duracomm Spm-500 Dp-10In-100-Mu
Name of the Vulnerable Software and Affected Versions: DuraComm SPM-500 DP-10iN-100-MU affected versions not specified Description: The device transmits sensitive data without encryption, potentially allowing attackers to intercept it. Recommendations: At the moment, there is no information about...
Vulnerability of Cryptographic Services in Windows operating systems, allowing attackers to disclose protected information
The vulnerability of Cryptographic Services in Windows operating systems is related to insufficiently secure data encryption. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server, related to the lack of data encryption measures, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server is related to the lack of data encryption measures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...