PT-2025-26705 · Dropbox · Dropbox

Name of the Vulnerable Software and Affected Versions: Dropbox affected versions not specified Description: The issue concerns file decryption in Dropbox. No further details are provided about the nature of the issue or its potential impact. Recommendations: At the moment, there is no information...

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

Cost-Effective Optimization and Implementation of the CRT-Paillier Decryption Algorithm for Enhanced Performance

To address the privacy protection problem in cloud computing, privacy enhancement techniques such as the Paillier additive homomorphism algorithm are receiving widespread attention. Paillier algorithm allows addition and scalar multiplication operations in dencrypted state, which can effectively...

Unspecified Vulnerability in Ivanti Workspace Control

Ivanti Workspace Control is a desktop management solution from Ivanti. A security vulnerability exists in Ivanti Workspace Control, which is rooted in a hard-coded key that can be exploited by an attacker to decrypt stored environment variable credentials and obtain sensitive information...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed UAF in async decryption Performing async decryption large read results in a crash due to a slabuseafterfree issue in the crypto API. Reproducing the issue: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd...

kernel: smb: client: fix UAF in decryption with multichannel

A use-after-free UAF vulnerability was found in the Linux kernel's SMB client functionality. A local attacker with permissions to connect to arbitrary SMB servers with precise timing could exploit this flaw to alter system memory, leading to denials of service, alteration of sensitive memory...

TencentOS Server 4: kernel (TSSA-2024:0979)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0979 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...

TencentOS Server 3: openssl (TSSA-2023:0021)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0021 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

PT-2025-25185 · Sungrow · Isolarcloud

Name of the Vulnerable Software and Affected Versions: SunGrow's back end users system iSolarCloud affected versions not specified Description: The issue concerns the MQTT service used by iSolarCloud to transport data from connected devices to the user's web browser. The MQTT server lacks...

Sungrow iSolarCloud 安全漏洞

Sungrow iSolarCloud Sunshine Cloud is a software for monitoring and managing PV power plants from China's Sunny Power Sungrow. A security vulnerability exists in Sungrow iSolarCloud, which stems from an under-restricted MQTT service that could result in subscribing to arbitrary topics and...

CVE-2025-5353

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

Ivanti Workspace Control 安全漏洞

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...

CLSA-2025-1749479602 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...

SECNEURON: Reliable and Flexible Abuse Control in Local LLMs Via Hybrid Neuron Encryption

Large language models LLMs with diverse capabilities are increasingly being deployed in local environments, presenting significant security and controllability challenges. These locally deployed LLMs operate outside the direct control of developers, rendering them more susceptible to abuse...

CVE-2025-49164

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...

CVE-2025-49164

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...

Arris VIP1113 安全漏洞

The Arris VIP1113 is a set-top box for HD IPTV services from Arris USA. A security vulnerability exists in the Arris VIP1113 version 2025-05-30 and earlier, which stems from a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...

CVE-2025-49164

Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a...