5444 matches found
SUSE CVE-2025-48937
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
Fortinet FortiPortal Log Message Disclosure Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a log information disclosure vulnerability that originat...
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...
CVE-2025-48937
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
CVE-2025-43697
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio DataMapper allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025...
CVE-2025-43700
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025...
CVE-2025-43697
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio DataMapper allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025...
CVE-2025-43697
CVE-2025-43697 is a Salesforce OmniStudio (DataMapper) issue described as Improper Preservation of Permissions, enabling exposure of encrypted data for affected records when field-level permissions are not enforced. Public details indicate the vulnerability affects OmniStudio before Spring 2025 a...
CVE-2025-43697
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio DataMapper allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025...
CVE-2025-43700
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025...
CVE-2025-43700
CVE-2025-43700 is a vulnerability in Salesforce OmniStudio (FlexCards) described as Improper Preservation of Permissions that can expose encrypted data. Public sources (NVD/NVD-derived entries) state impact on OmniStudio versions before Spring 2025 with a CVSS v3.1 base score of 7.5 (HIGH), indic...
Salesforce OmniStudio 安全漏洞
Salesforce OmniStudio is a digitization platform from US-based Salesforce, Inc. A security vulnerability exists in versions of Salesforce OmniStudio prior to 2025, which stems from an improper privilege retention issue that could lead to the disclosure of encrypted data...
Salesforce OmniStudio 安全漏洞
Salesforce OmniStudio is a digitization platform from US-based Salesforce, Inc. A security vulnerability exists in versions of Salesforce OmniStudio prior to 2025, which stems from an improper privilege retention issue that could lead to the disclosure of encrypted data...
PT-2025-24684 · Unknown · Matrix-Rust-Sdk
Name of the Vulnerable Software and Affected Versions: matrix-rust-sdk versions 0.8.0 through 0.11.0 Description: The issue arises from the failure to correctly validate the sender of an encrypted event in the matrix-sdk-crypto component. This allows a malicious homeserver operator to modify even...
The vulnerability of the Cisco Identity Services Engine (ISE) platform, which relates to the use of strictly encrypted login credentials, allows a hacker to alter the software configuration.
The vulnerability of the Cisco Identity Services Engine ISE platform relates to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow a malicious actor to remotely modify the software configuration...
The vulnerability of the dtale library, related to the use of strictly encrypted credentials during the processing of the SECRET_KEY parameter, allows a hacker to bypass existing security restrictions and execute arbitrary code on the server.
The vulnerability of the dtale library lies in the use of strictly encrypted user credentials during the processing of the SECRETKEY parameter. Exploiting this vulnerability allows an attacker to bypass existing security restrictions and execute arbitrary code on the server...
A Private Smart Wallet with Probabilistic Compliance
We propose a privacy-preserving smart wallet with a novel invitation-based private onboarding mechanism. The solution integrates two levels of compliance in concert with an authority party: a proof of innocence mechanism and an ancestral commitment tracking system using bloom filters for...
Private Key and Password Protection by Steganographic Image Encryption
We propose a technique to protect and preserve a private key or a passcode in an encrypted two-dimensional graphical image. The plaintext private key or the passcode is converted into an encrypted QR code and embedded into a real-life color image with a steganographic scheme. The private key or t...