Open Source Point of Sale Encryption Issue Vulnerability
Open Source Point of Sale is an open-source point-of-sale system based on the Open Source Point of Sale framework. Open Source Point of Sale versions 3.4.2 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from a function in the Employee Login component called...
WWBN AVideo Encryption Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the use of weak RSA keys and the lack of authentication at the endpoint, which could lead...
SAMSUNG Galaxy Store Security Vulnerability
SAMSUNG Galaxy Store is an application store owned by South Korean company Samsung. Versions of SAMSUNG Galaxy Store prior to version 4.6.03.8 contained security vulnerabilities. These vulnerabilities stemmed from improper encryption signature verification, which could allow local attackers to...
CVE-2025-64429
DuckDB 1.4.0–pre-1.4.2 encryption implementation is vulnerable due to multiple cryptographic weaknesses: insecure RNG (pcg32 fallback), possible memory wipe omission (memset) leaving secrets, and header manipulation could downgrade from GCM to CTR, bypassing integrity. There may also be unhandled...
CVE-2025-64429
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator pcg32 to generate cryptographic keys or...
EUVD-2003-0007
Malware in sbrugna...
EUVD-2006-4395
Malware in sbrugna...
EUVD-2017-4609
Malware in sbrugna...
EUVD-2002-2151
Malware in sbrugna...
EUVD-2021-29005
Malicious code in bioql PyPI...
Encryption Backdoor in Military/Police Radios
I wrote about this in 2023. Here's the story: Three Dutch security analysts discovered the vulnerabilities--five in total--in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radio...
Ivanti Endpoint Manager < 2022 SU8 Security Update 1 / 2024 < 2024 SU3 July 2025 Security Update
The version of Ivanti Endpoint Manager running on the remote host is prior to 2022 SU8 Security Update 1 or 2024 prior to 2024 SU3. It is, therefore, affected by multiple vulnerabilities: - Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8...
Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0704)
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...
Cisco Firepower Management Center Security Vulnerability
Cisco Firepower Management Center (FMC) is the next-generation firewall management center software from Cisco. Cisco Firepower Management Center has security vulnerabilities that stem from improper encryption of sensitive information stored in the GUI configuration manager. An attacker could exploi...
Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys
Encryption flaws in a common anti-theft feature expose vehicles from major manufacturers...
CVE-2019-3431
All versions up to V4.01.01.02 of the ZTE ZXCLOUD GoldenData VAP product have an encryption problem vulnerability. Attackers could sniff the unencrypted account and password over the network for front-end system access...
IEEE P1735 Encryption Is Broken—Flaws Allow Intellectual Property Theft
Researchers have uncovered several major weaknesses in the implementation of the Institute of Electrical and Electronics Engineers (IEEE) P1735 cryptography standard that can be exploited to unlock, modify or steal encrypted system-on-chip blueprints. The IEEE P1735 scheme was designed to encrypt...
KRACK Vulnerability in WiFi WPA2
Akamai is aware of a family of vulnerabilities known as the Key Reinstallation Attack or KRACK. These vulnerabilities abuse implementation flaws found in all modern wireless networks using WPA2. The KRACK attack is effective at the protocol level and therefore affects all systems using current Wi...
Hacker Hijacks a Police Drone from 2 Km Away with $40 Kit
A researcher has demonstrated how easy it is to steal high-end drones, commonly deployed by government agencies and police forces, from 2 kilometres away with the help of less than $40 worth of hardware. The attack was developed by IBM security researcher Nils Rodday, who recently presented his...
Rogue Android Gaming App That Steals WhatsApp Conversations
Google has recently removed a rogue Android gaming app called "Balloon Pop 2" from its official Play store that was actually stealing users' private WhatsApp conversations. Every day numerous friends ask me if it is possible to steal WhatsApp chat messages and how, of course a malware...