CVE-2015-20112

CVE-2015-20112 concerns Ethereum’s RLPx 5 transport. The vulnerability arises because two CTR streams run from the same key, IV, and nonce, which could allow an adversary to decrypt traffic on a private network. Affected component: RLPx 5. Underlying issue: re-use of CTR parameters across streams...

Trend Makers Sight Bulb Pro 加密问题漏洞

Trend Makers Sight Bulb Pro is a camera from Trend Makers, Inc. The Trend Makers Sight Bulb Pro suffers from an encryption issue vulnerability that stems from the plaintext transfer of an AES key during initial setup, which could lead to the decryption of communications and the disclosure of...

📄 McAfee Agent 5.7.6 Insecure Storage

This script demonstrates the vulnerability in McAfee's Trellix Agent Database where attackers can retrieve and decrypt credentials from the ma.db database file. Version 5.7.6 is affected. Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit...

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information

Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit Author: Keenan Scott Vendor Homepage: hxxps://www.mcafee.com/ Software Download: N/A Unable to find Version: Arguments CmdletBinding param string$DbSource =...

CVE-2025-6513

Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it...

PT-2025-26705 · Dropbox · Dropbox

Name of the Vulnerable Software and Affected Versions: Dropbox affected versions not specified Description: The issue concerns file decryption in Dropbox. No further details are provided about the nature of the issue or its potential impact. Recommendations: At the moment, there is no information...

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

Cost-Effective Optimization and Implementation of the CRT-Paillier Decryption Algorithm for Enhanced Performance

To address the privacy protection problem in cloud computing, privacy enhancement techniques such as the Paillier additive homomorphism algorithm are receiving widespread attention. Paillier algorithm allows addition and scalar multiplication operations in dencrypted state, which can effectively...

Unspecified Vulnerability in Ivanti Workspace Control

Ivanti Workspace Control is a desktop management solution from Ivanti. A security vulnerability exists in Ivanti Workspace Control, which is rooted in a hard-coded key that can be exploited by an attacker to decrypt stored environment variable credentials and obtain sensitive information...

kernel: smb: client: fix UAF in decryption with multichannel

A use-after-free UAF vulnerability was found in the Linux kernel's SMB client functionality. A local attacker with permissions to connect to arbitrary SMB servers with precise timing could exploit this flaw to alter system memory, leading to denials of service, alteration of sensitive memory...

TencentOS Server 4: kernel (TSSA-2024:0979)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0979 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...

TencentOS Server 3: openssl (TSSA-2023:0021)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0021 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

PT-2025-25185 · Sungrow · Isolarcloud

Name of the Vulnerable Software and Affected Versions: SunGrow's back end users system iSolarCloud affected versions not specified Description: The issue concerns the MQTT service used by iSolarCloud to transport data from connected devices to the user's web browser. The MQTT server lacks...

Sungrow iSolarCloud 安全漏洞

Sungrow iSolarCloud Sunshine Cloud is a software for monitoring and managing PV power plants from China's Sunny Power Sungrow. A security vulnerability exists in Sungrow iSolarCloud, which stems from an under-restricted MQTT service that could result in subscribing to arbitrary topics and...

CVE-2025-5353

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

Ivanti Workspace Control 安全漏洞

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...

CLSA-2025-1749479602 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...

SECNEURON: Reliable and Flexible Abuse Control in Local LLMs Via Hybrid Neuron Encryption

Large language models LLMs with diverse capabilities are increasingly being deployed in local environments, presenting significant security and controllability challenges. These locally deployed LLMs operate outside the direct control of developers, rendering them more susceptible to abuse...

CVE-2025-49164

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...