Lucene search
5444 matches found

BDU FSTEC
added 2025/05/26 12:0 a.m., 5 views

The vulnerability of the telnetd service in the firmware of D-Link routers such as DIR-605L and DIR-816L allows a hacker to execute arbitrary code.

The vulnerability of the telnetd service in the firmware of D-Link routers such as DIR-605L and DIR-816L lies in the use of hard-coded login credentials. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using the built-in login credentials...

CVSS 7.5, AI score 6, EPSS 0.00308
Exploits: 0, References: 3, Affected Software: 2
Packet Storm News
added 2025/05/26 12:0 a.m., 3 views

Language of Network: a Generative Pre-Trained Model for Encrypted Traffic Comprehension

The increasing demand for privacy protection and security considerations leads to a significant rise in the proportion of encrypted network traffic. Since traffic content becomes unrecognizable after encryption, accurate analysis is challenging, making it difficult to classify applications and...

AI score 6.6
Exploits: 0
OpenVAS
added 2025/05/26 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2025-c38fd06bec)

The remote host is missing an update for the...

CVSS 8.1, AI score 7.1, EPSS 0.00441
Exploits: 1, References: 4
Packet Storm News
added 2025/05/24 12:0 a.m., 12 views

LLM-Driven APT Detection for 6G Wireless Networks: a Systematic Review and Taxonomy

Sixth Generation (6G) wireless networks, which are expected to be deployed in the 2030s, have already created great excitement in academia and the private sector with their extremely high communication speed and low latency rates. However, despite the ultra-low latency, high throughput, and...

AI score 6.7
Exploits: 0
RedhatCVE
added 2025/05/23 10:32 a.m., 5 views

CVE-2024-36511

An improperly implemented security check for standard vulnerability CWE-358 in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an...

CVSS 3.7, AI score 7, EPSS 0.00379
Exploits: 0
RedhatCVE
added 2025/05/23 9:30 a.m., 22 views

CVE-2024-36495

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd. The path for the affected WINSelect Enterprise configuration file is:...

CVSS 7.7, AI score 6.9, EPSS 0.0031
Exploits: 1
RedhatCVE
added 2025/05/23 9:3 a.m., 3 views

CVE-2024-20261

A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a...

CVSS 5.8, AI score 6.7, EPSS 0.0037
Exploits: 0, References: 1
Hacker One
added 2025/05/23 7:52 a.m., 8 views

Nextcloud: Information disclosure via Desktop client when attempting to lock a file inside an end-to-end encrypted directory

A security vulnerability was discovered in the desktop client of a file-sharing application. The vulnerability allowed information disclosure when attempting to lock a file inside an end-to-end encrypted directory...

CVSS 2.7, AI score 6, EPSS 0.00242
Exploits: 0
RedhatCVE
added 2025/05/23 7:27 a.m., 7 views

CVE-2024-39925

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a...

CVSS 6.5, AI score 6.5, EPSS 0.00573
Exploits: 0
RedhatCVE
added 2025/05/23 7:27 a.m., 6 views

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by a...

CVSS 7.5, AI score 6.8, EPSS 0.00427
Exploits: 0
RedhatCVE
added 2025/05/23 6:53 a.m., 6 views

CVE-2024-54466

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a different user without prompting for the password...

CVSS 6.5, AI score 7, EPSS 0.00689
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 6:43 a.m., 16 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVSS 7.5, AI score 6.8, EPSS 0.00583
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:52 a.m., 4 views

CVE-2023-22918

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, VPN series...

CVSS 6.5, AI score 6.5, EPSS 0.00771
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:53 a.m., 12 views

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...

CVSS 6.6, AI score 8.3, EPSS 0.02344
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:35 a.m., 4 views

CVE-2023-41305

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality...

CVSS 7.5, AI score 6.8, EPSS 0.00372
Exploits: 0
RedhatCVE
added 2025/05/23 4:29 a.m., 5 views

CVE-2023-50443

Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are open...

CVSS 4.6, AI score 7, EPSS 0.00318
Exploits: 0
RedhatCVE
added 2025/05/23 4:13 a.m., 6 views

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

CVSS 6.5, AI score 7, EPSS 0.00268
Exploits: 0
RedhatCVE
added 2025/05/23 3:59 a.m., 7 views

CVE-2023-35763

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext...

CVSS 5.5, AI score 7, EPSS 0.00215
Exploits: 0
RedhatCVE
added 2025/05/23 3:40 a.m., 4 views

CVE-2023-29501

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to...

CVSS 4.8, AI score 6.5, EPSS 0.00281
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:10 a.m., 3 views

CVE-2023-21499

Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code...

CVSS 8.2, AI score 7.1, EPSS 0.0019
Exploits: 0, References: 1