CVE-2025-41744

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

[SECURITY] Fedora 43 Update: openbao-2.4.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

CVE-2025-41744

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

EUVD-2025-200222

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

CVE-2025-41744 Sprecher Automation: SPRECON-E series has static default key material for TLS connections

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

CVE-2025-41744

CVE-2025-41744 affects Sprecher Automation SPRECON-E series devices. Connected exploits confirm use of a default symmetric AES-256 key embedded across firmware, enabling unauthenticated remote attackers to decrypt and potentially tamper with encrypted network traffic. Impact is confidentiality an...

PT-2025-48663

Name of the Vulnerable Software and Affected Versions Sprecher Automations SPRECON-E series affected versions not specified Description The Sprecher Automations SPRECON-E series utilizes default cryptographic keys. This allows a remote attacker, without special privileges, to access all encrypted...

Sprecherautomation Sprecher SPRECON-E 安全漏洞

Sprecherautomation Sprecher SPRECON-E is a service package application from Sprecherautomation Austria that provides operational consulting, planning, development, engineering and equipment site installation, commissioning and operator training. A security vulnerability exists in Sprecherautomati...

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report fro...

CVE-2025-65951

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_\&_Replication

CVE-2023-27532 - Veeam Backup & Replication Vulnerability...

AMD CPUs have an unspecified vulnerability

AMD CPUs are a family of CPUs from AMD. An unspecified vulnerability exists in AMD CPUs, which can be exploited by an attacker to run SEV-SNP clients with stale TLB entries, resulting in a loss of data integrity...

Linux Distros Unpatched Vulnerability : CVE-2025-0033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a lo...

EUVD-2025-198507

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

UBUNTU-CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

CVE-2025-29934

Summary: CVE-2025-29934 is associated with AMD CPUs and SEV-SNP, where an attacker with local admin privileges could abuse stale TLB entries to run a SEV-SNP guest, potentially causing data integrity loss. The vulnerability is described across multiple sources (NVD, EUVD, CNVD, OSV, Debian, Ubunt...

UBUNTU-CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

CVE-2025-34337

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

Security Bulletin: Astronomer with IBM is vulnerable to invalid signature verification due to the OpenPGP.js package (CVE-2025-47934)

Summary OpenPGP.js is used by Astronomer with IBM as part of OpenPGP processing functionality. Vulnerability Details CVEID:CVE-2025-47934 DESCRIPTION: OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously...