MAL-2026-4521 Malicious code in class-weaver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4e45cdd0a93db2db56ae7fd2c348305a5ce7aeab9c6fb4b2331c2a547b2c5e7 class-weaver advertises itself as a className/theme utility keywords clsx, utils, styling; exports named classNames and twMerge mimicking...

IBM Aspera Shares 加密问题漏洞

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...

PT-2026-27165

Name of the Vulnerable Software and Affected Versions TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600 Description A cryptographic key that is hardcoded into the configuration mechanism allows decryption and re-encryption of device configuration data. An...

CVE-2024-43178

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

PT-2026-5085

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

AZL-72637 CVE-2025-68284 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

CVE-2025-68284

CVE-2025-68284 concerns the Linux kernel/libceph: the issue arises from handling the authentication session key where the len field comes from untrusted network packets. The patch adds boundary checks to prevent potential out-of-bounds writes when decrypting the connection secret or processing se...

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

PT-2025-51688

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the libceph component, specifically in the handle auth session key function. This issue could lead to potential out-of-bounds writes due to...

CVE-2025-52268

CVE-2025-52268 affects StarCharge Artemis AC Charger 7-22 kW v1.0.4. The issue is a hardcoded AES key that enables attackers to forge or decrypt valid login tokens. Documented across multiple sources (NVD, Red Hat, ENISA/EUVD, CVE list, CNNVD) with the same vulnerability description. Exploitation...

EUVD-2021-26879

Malware in sbrugna...

CVE-2025-55619

Summary: CVE-2025-55619 affects the Reolink Android app (version 4.54.0.4.20250526). The root cause is a hardcoded encryption key and IV, which attackers can leverage to decrypt access tokens and web session tokens stored in the app via reverse engineering. This vulnerability has a high impact (C...

Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. An encryption misuse vulnerability exists in Ivanti Endpoint Manager, which can be exploited by an attacker to decrypt other users' passwords...

ejson2env 操作系统命令注入漏洞

ejson2env is a Shopify open source tool for decrypting EJSON secrets and exporting them as environment variables. An operating system command injection vulnerability exists in ejson2env versions prior to 2.0.8, which stems from insufficient output cleanup and could lead to command injection...

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in the SunGrow iSolarCloud Android app version...

IBM Cognos Controller 加密问题漏洞

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. An encryption issue vulnerability exists in IBM Cognos...

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

A new set of malicious packages has been unearthed in the Python Package Index PyPI repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust...

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...