5445 matches found
Race Condition
Overview: Affected versions of this package are vulnerable to Race Condition due to a race condition in the traffic processing mechanism. An attacker can intercept and read packets that should be encrypted. Remediation: Upgrade github.com/cilium/cilium/bpf/lib to version 1.15.16, 1.16.9, 1.17.3 or...
DecETT: Accurate App Fingerprinting under Encrypted Tunnels Via Dual Decouple-Based Semantic Enhancement
Whitepaper called DecETT: Accurate App Fingerprinting Under Encrypted Tunnels Via Dual Decouple-Based Semantic Enhancement...
The vulnerability of the /etc/shadow file in TOTOLINK CA300-PoE router firmware allows a hacker to disclose protected information.
The vulnerability of the /etc/shadow file in TOTOLINK CA300-PoE router firmware is related to the use of hard-coded login credentials. Exploiting this vulnerability could allow an attacker to disclose the protected information...
The vulnerability of the multi-platform SCADA system KROON-TM, related to the use of a hard-coded cryptographic key for the SSL certificate, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the multi-platform SCADA system KROON-TM is related to the use of a hard-coded cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the encrypted() function in the cross-platform framework for developing Qt software allows a hacker to induce a service failure.
The vulnerability of the encrypted function in the cross-platform framework for Qt software development is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause service failures...
PCDiff: Proactive Control for Ownership Protection in Diffusion Models with Watermark Compatibility
With the growing demand for protecting the intellectual property (IP) of text-to-image diffusion models, we propose PCDiff -- a proactive access control framework that redefines model authorization by regulating generation quality. At its core, PCDiff integrates a trainable fuser module and...
Operation BULUT: Encrypted Chats from Sky ECC, ANOM Lead to 232 Arrests
Intelligence from encrypted platforms like Sky ECC and ANOM has led to the arrest of 232 individuals and…
FLSSM: a Federated Learning Storage Security Model with Homomorphic Encryption
Federated learning based on homomorphic encryption has received widespread attention due to its high security and enhanced protection of user data privacy. However, the characteristics of encrypted computation lead to three challenging problems: "computation-efficiency", "attack-tracing" and...
The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
smb: client: Add check for next_buffer in receive_encrypted_standard()
...
uberAgent is unable to read encrypted credentials stored in Windows Credential Store
Customer is attempting to store encrypted credentials in the Windows Credentials Store as described in the uberAgent documentation https://docs.citrix.com/en-us/uberagent/7-3-1/uxm-features-configuration/username-and-configuration-setting-encryption-2.html, but uberAgent is unable to read the...
The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260, a multifunctional device for measuring parameters of electrical circuits, allows a hacker to gain unauthorized access to the device.
The vulnerability of the Data Manager component in the firmware of the Siemens SENTRON 7KT PAC1260 multifunctional device for measuring electrical network parameters is related to the use of hard-coded account data. Exploiting this vulnerability can allow an...
CVE-2025-3426
The CVE-2025-3426 entry describes lack of reverse engineering protections in Philips IntelliSpace Portal binaries, enabling discovery of hardcoded credentials. Affected products are IntelliSpace Portal 12 and earlier and Advanced Visualization Workspace 15. Technical details from connected source...
BIT-JENKINS-2025-31721
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...
GHSA-WR6W-JXG7-QPFH Jenkins Missing Permission Check
Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. This is due to an...
Missing Authorization
Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization in the doCreateItem method. A user with Computer/Create permission can copy an agent and thereby access encrypted secrets in its configuration...
CVE-2025-31721
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...