
5908 matches found

ATTACKERKB
added 2026/01/26 10:6 a.m. | 4 views

CVE-2025-59107

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5 CVSS | 5.9 AI score | 0.00167 EPSS
Exploits 0 | References 4

CVE
added 2026/01/26 10:6 a.m. | 11 views

CVE-2025-59107

Dormakaba’s FWServiceTool uses an encrypted ZIP to deliver firmware for Access Managers. A static password is embedded to decrypt and extract the firmware, and this password has been valid across multiple firmware versions. This enables local access to firmware content, affecting confidentiality ...

8.5 CVSS | 5.9 AI score | 0.00167 EPSS
Exploits 0 | References 3

CNNVD
added 2026/01/26 12:0 a.m. | 6 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the use of a static extractable password in the firmware update ZIP file, potentially allowing the firmware to be...

8.5 CVSS | 5.8 AI score | 0.00167 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/01/26 12:0 a.m. | 8 views

PT-2026-4757

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5 CVSS | 5.9 AI score | 0.00167 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/01/24 3:17 a.m. | 11 views

CVE-2025-25051

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

6.1 CVSS | 5.5 AI score | 0.00099 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/23 6:19 a.m. | 11 views

CVE-2026-23966

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1 CVSS | 5.5 AI score | 0.00209 EPSS
Exploits 0 | References 1

NVD
added 2026/01/22 11:15 p.m. | 4 views

CVE-2025-25051

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

6.1 CVSS | 0.00099 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/01/22 10:21 p.m. | 1 views

CVE-2025-25051

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

6.1 CVSS | 5.4 AI score | 0.00099 EPSS
Exploits 0 | References 3

Cvelist
added 2026/01/22 10:21 p.m. | 16 views

CVE-2025-25051 AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

6.1 CVSS | 0.00099 EPSS
Exploits 0 | References 2

CVE
added 2026/01/22 10:21 p.m. | 8 views

CVE-2025-25051

CVE-2025-25051 pertains to AutomationDirect CLICK PLC, where the vulnerability arises from plaintext storage of a password in the project file. An attacker with access to the project file could decrypt credentials, impersonate legitimate users or devices, and potentially access network resources ...

6.1 CVSS | 5.5 AI score | 0.00099 EPSS
Exploits 0 | References 2

OSV
added 2026/01/22 9:15 p.m. | 8 views

SUSE-SU-2026:0263-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576). -...

7.8 CVSS | 7.3 AI score | 0.00465 EPSS
Exploits 2 | References 832

ICS
added 2026/01/22 7:0 a.m. | 5 views

AutomationDirect CLICK Programmable Logic Controller

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impersonate users, escalate privileges, gain unauthorized access to systems and services, and decrypt sensitive data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...

5.7 AI score
Exploits 0 | References 12

NVD
added 2026/01/22 3:15 a.m. | 9 views

CVE-2026-23966

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1 CVSS | 0.00209 EPSS
Exploits 0 | References 2

Cvelist
added 2026/01/22 2:6 a.m. | 27 views

CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1 CVSS | 0.00209 EPSS
Exploits 0 | References 2

CVE
added 2026/01/22 2:6 a.m. | 20 views

CVE-2026-23966

CVE-2026-23966 (sm-crypto) affects the JavaScript library implementing SM2/SM3/SM4. The vulnerability resides in the SM2 decryption logic, where an attacker can recover the private key by repeatedly invoking the SM2 decryption interface. The issue exists in versions prior to 0.3.14; version 0.3.1...

9.1 CVSS | 5.5 AI score | 0.00209 EPSS
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/01/22 2:6 a.m. | 5 views

CVE-2026-23966

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1 CVSS | 5.3 AI score | 0.00209 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/01/22 2:6 a.m. | 4 views

CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1 CVSS | 5.5 AI score | 0.00209 EPSS
Exploits 0 | References 2

OSV
added 2026/01/22 2:6 a.m. | 5 views

CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

9.1 CVSS | 5.6 AI score | 0.00209 EPSS
Exploits 0 | References 4

CNNVD
added 2026/01/22 12:0 a.m. | 6 views

sm-crypto data forgery vulnerability

sm-crypto is an encryption algorithm developed by June01, a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data manipulation vulnerability. This vulnerability stemmed from defects in the SM2 decryption logic, which could lead to the recovery of private keys...

9.1 CVSS | 5.7 AI score | 0.00209 EPSS
Exploits 0 | References 2

CNNVD
added 2026/01/22 12:0 a.m. | 3 views

AutomationDirect CLICK Programmable Logic Controller security vulnerability

The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability allows attackers to decrypt sensiti...

6.1 CVSS | 5.8 AI score | 0.00099 EPSS
Exploits 0 | References 3