
10 matches found

Snyk
added 2026/03/19 12:46 p.m. · 2 views

Missing Authentication for Critical Function

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the decryptMessage.json.php endpoint, which processes user-supplied private keys, encrypted messages, and...

7.1 CVSS · 5.8 AI score
Exploits: 0 · References: 2
RedhatCVE
added 2025/11/01 12:25 a.m. · 5 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

8.8 CVSS · 7.7 AI score · 0.00086 EPSS
Exploits: 1 · References: 1
Snyk
added 2025/10/31 7:41 a.m. · 3 views

Deserialization of Untrusted Data

Overview: cryptidy is a Python high level library for symmetric & asymmetric encryption. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the aes_decrypt_message function. An attacker can execute arbitrary code by supplying crafted data that is deserialized...

8.8 CVSS · 7.8 AI score · 0.00086 EPSS
Exploits: 1 · References: 2
OSV
added 2025/10/31 7:15 a.m. · 2 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

8.8 CVSS · 7.7 AI score
Exploits: 0 · References: 2
NVD
added 2025/10/31 7:15 a.m. · 2 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

8.8 CVSS · 0.00086 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/10/31 12:0 a.m. · 2 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

6.9 CVSS · 7.3 AI score · 0.00086 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2025/10/31 12:0 a.m. · 2 views

PT-2025-44585

Name of the Vulnerable Software and Affected Versions: cryptidy versions through 1.2.4 Description: The software allows code execution due to the use of pickle.loads with untrusted data. This issue occurs within the aes_decrypt_message function located in the symmetric_encryption.py file...

6.9 CVSS · 7.2 AI score · 0.00086 EPSS
Exploits: 1 · References: 10
Positive Technologies
added 2024/01/24 12:0 a.m. · 1 views

PT-2024-11022 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS versions through master branch 53a0d97 Description: The issue allows attackers to obtain sensitive information via crafted input to the dtls_ccm_decrypt_message function. Recommendations: For Contiki-NG tinyDTLS versions...

9.8 CVSS · 9.3 AI score · 0.00095 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/01/18 12:0 a.m. · 2 views

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from mishandling of oversized packets in dtls_ccm_decrypt_message and can lead to...

9.8 CVSS · 6.7 AI score · 0.00095 EPSS
Exploits: 0 · References: 3
NVD
added 2022/07/14 3:15 p.m. · 8 views

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7 CVSS · 0.0008 EPSS
Exploits: 0 · References: 1