Lucene search
K

162 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-57852

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00499EPSS
Exploits0References1
OSV
OSV
added 2025/08/13 12:10 a.m.2 views

SUSE-SU-2025:02773-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107...

5.9CVSS7AI score0.01114EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/08/12 8:23 a.m.2 views

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

5.9CVSS9.8AI score0.01114EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/08/07 3:38 a.m.2 views

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

5.9CVSS9.8AI score0.01114EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/07/16 8:1 p.m.11 views

CVE-2025-6982 Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 and C20 V5

Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117 /V5 = 200407 , and C20 V5 USV5260419 or EUV5260317 allows attackers to decrypt the config.xml files...

6.9CVSS0.00252EPSS
Exploits0References3
CVE
CVE
added 2025/07/16 8:1 p.m.25 views

CVE-2025-6982

CVE-2025-6982 affects TP-Link Archer C50 V3/V4/V5 firmware with hard-coded DES decryption keys, allowing offline decryption of config.xml and potential exposure of admin credentials and settings. Affected versions are V3 (<=180703), V4 (<=250117), and V5 (

6.9CVSS6AI score0.00252EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/29 12:0 a.m.3 views

CVE-2015-20112

RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network...

3.4CVSS7.1AI score0.0014EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/25 12:47 p.m.14 views

CVE-2025-6513

Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it...

9.3CVSS7.3AI score0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.3 views

Ivanti Workspace Control 安全漏洞

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...

8.8CVSS6.4AI score0.00352EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 11:38 a.m.10 views

CVE-2025-24461

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...

6.5CVSS6.9AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.7 views

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

7.5CVSS6.9AI score0.00344EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:45 p.m.8 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

6.5CVSS6.8AI score0.00444EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.21 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS6.8AI score0.01167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:25 p.m.5 views

CVE-2020-11005

The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...

5.5CVSS5.5AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:4 p.m.16 views

CVE-2009-5057

The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...

5CVSS7AI score0.01645EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/21 6:32 p.m.1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to the improper handling of environment variables during the decryption process. An attacker with control over .ejson files can execute arbitrary commands on the host system by injecting malicious keys or encrypted...

7.5CVSS8.1AI score0.01334EPSS
Exploits0References2
CNVD
CNVD
added 2025/05/14 12:0 a.m.3 views

Tenda RX2 Pro Information Disclosure Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an information disclosure vulnerability that originates from the explicit transmission of sensitive information in the web management portal, which can be exploited by an attacker to decry...

8.2CVSS6.5AI score0.00229EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/03/21 12:0 a.m.7 views

The vulnerability of the EVP_DecryptUpdate function in the OpenSSL library of the Sante PACS Server web server allows a hacker to execute arbitrary code.

The vulnerability of the EVPDecryptUpdate function in the OpenSSL library of the Sante PACS Server web server system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending specially crafte...

10CVSS8.1AI score0.00851EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2025/03/03 5:15 p.m.25 views

CVE-2025-27498

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS0.00117EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/09 12:27 a.m.19 views

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...

7.5CVSS6.6AI score0.0033EPSS
Exploits0References1
Rows per page
Query Builder