Information disclosure via Desktop client when attempting to lock a file inside a end-to-end encrypted directory

None...

Nextcloud Desktop Client 安全漏洞

Nextcloud Desktop Client is an open source file synchronization and sharing tool from Nextcloud GmbH. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.16.5, which stems from the unencrypted sending of file paths in an end-to-end encrypted directory, which could lead...

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...

Exploit for CVE-2025-41744

Lab: CVE-2025-41744 - Use of Default Cryptographic Key in Spre...

CVE-2025-41744

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

[SECURITY] Fedora 43 Update: openbao-2.4.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

CVE-2025-41744

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

CVE-2025-41744 Sprecher Automation: SPRECON-E series has static default key material for TLS connections

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

EUVD-2025-200222

Sprecher Automations SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...

CVE-2025-41744

CVE-2025-41744 affects Sprecher Automation SPRECON-E series devices. Connected exploits confirm use of a default symmetric AES-256 key embedded across firmware, enabling unauthenticated remote attackers to decrypt and potentially tamper with encrypted network traffic. Impact is confidentiality an...

PT-2025-48663

Name of the Vulnerable Software and Affected Versions Sprecher Automations SPRECON-E series affected versions not specified Description The Sprecher Automations SPRECON-E series utilizes default cryptographic keys. This allows a remote attacker, without special privileges, to access all encrypted...

Sprecherautomation Sprecher SPRECON-E 安全漏洞

Sprecherautomation Sprecher SPRECON-E is a service package application from Sprecherautomation Austria that provides operational consulting, planning, development, engineering and equipment site installation, commissioning and operator training. A security vulnerability exists in Sprecherautomati...

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report fro...

CVE-2025-65951

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_\&_Replication

CVE-2023-27532 - Veeam Backup & Replication Vulnerability...

AMD CPUs have an unspecified vulnerability

AMD CPUs are a family of CPUs from AMD. An unspecified vulnerability exists in AMD CPUs, which can be exploited by an attacker to run SEV-SNP clients with stale TLB entries, resulting in a loss of data integrity...

Linux Distros Unpatched Vulnerability : CVE-2025-0033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a lo...

EUVD-2025-198507

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

UBUNTU-CVE-2025-29934

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...

CVE-2025-29934

Summary: CVE-2025-29934 is associated with AMD CPUs and SEV-SNP, where an attacker with local admin privileges could abuse stale TLB entries to run a SEV-SNP guest, potentially causing data integrity loss. The vulnerability is described across multiple sources (NVD, EUVD, CNVD, OSV, Debian, Ubunt...