CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

Use of Password Hash With Insufficient Computational Effort

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

GHSA-G29V-Q6H7-76WH electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

PT-2026-41204

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.9.5 Description Insecure sync encryption occurs due to the use of deterministic AES-192-CBC with a fixed zero IV Initialization Vector, a constant KDF Key Derivation Function salt, and the absence of a MAC Message...

EUVD-2026-2027

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

EUVD-2025-27023

Malicious code in bioql PyPI...

EUVD-2025-26195

Malicious code in bioql PyPI...

EUVD-2025-21707

Malicious code in bioql PyPI...

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

CVE-2025-30200 ECOVACS Vacuum and Base Station Hard-Coded AES Encryption

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

CVE-2025-9071 Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto

Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated...

Oberon PSA Crypto library 安全漏洞

Oberon PSA Crypto library is a cryptographic library from the Swiss company Oberon. A security vulnerability exists in Oberon PSA Crypto library version 1.5.1 and earlier, which stems from the use of all-zero seeds instead of random bytes, which could lead to RSA deterministic encryption, resulti...

CVE-2025-32874

An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encryptbyte clearData derives both the encryption key and...

CVE-2025-32874

CVE-2025-32874 affects Kaseya Rapid Fire Tools Network Detective up to version 2.0.16.0. The issue is in the EncryptionUtil class where symmetric encryption is implemented deterministically; the key and IV are derived from a fixed, hardcoded input using a static salt. As a result, identical plain...

PT-2025-28963 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: Kaseya Rapid Fire Tools Network Detective versions through 2.0.16.0 Description: A cryptographic implementation flaw exists in the password encryption mechanism within the EncryptionUtil class. Symmetric encryption is implemented in a...

CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2

ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...