Lucene search
K

68 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-46423

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.00244EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/07/28 4:12 a.m.10 views

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is...

9.8CVSS8.2AI score0.07416EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/20 6:54 p.m.3 views

Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics

Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...

7.8CVSS6.5AI score0.0073EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/18 5:51 p.m.3 views

GHSA-8G98-M4J9-QWW5 Taylored webhook validation vulnerabilities

Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5 Summary A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of \taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this...

7.5AI score
Exploits0References3
NVD
NVD
added 2025/06/02 12:15 p.m.54 views

CVE-2025-48495

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

5.4CVSS0.00117EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:35 p.m.8 views

CVE-2021-33686

Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree...

5.3CVSS6.8AI score0.00798EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/01 12:0 a.m.14 views

CVE-2025-32884

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...

4.3CVSS0.00137EPSS
Exploits0References2
CVE
CVE
added 2025/05/01 12:0 a.m.65 views

CVE-2025-46634

The CVE-2025-46634 issue affects the Tenda RX2 Pro web management portal (firmware 16.03.30.14). The underlying problem is that the portal transmits the user’s password hash in cleartext before encryption is established, allowing an unauthenticated attacker to observe credentials and replay the h...

8.2CVSS6.5AI score0.00145EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/04/18 12:0 a.m.5 views

CBL Mariner 2.0 Security Update: qemu (CVE-2023-3180)

The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3180 advisory. - A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in...

6.5CVSS6.8AI score0.00234EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.16 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : wpa_supplicant and hostapd vulnerabilities (USN-7317-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7317-1 advisory. George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that wpasupplicant and hostapd reused encryption elements ...

9.8CVSS8AI score0.02944EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/06 12:0 a.m.5 views

CVE-2024-36558

Forever KidsWatch Call Me KW-50 R36YDRA3PWGM7SV1.02019071516.19.24cobh suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication...

6.9AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/12 1:49 p.m.21 views

CVE-2024-28146 Hardcoded credentials

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

7AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.4 views

Qualcomm Chip Licensing Issues Vulnerabilities

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and are often manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a security vulnerability that stems from improp...

7.1CVSS7.1AI score0.00104EPSS
Exploits0References2
CNVD
CNVD
added 2023/05/18 12:0 a.m.7 views

Dell CloudLink Encryption Issues Vulnerabilities

Dell CloudLink is a data encryption and key management system from Dell USA. An encryption issue vulnerability exists in Dell CloudLink version 7.1.2 and prior versions. The vulnerability stems from the system's use of insecure encryption, which could be exploited by an attacker to cause certain...

7.5CVSS6.4AI score0.00424EPSS
Exploits0References1
OSV
OSV
added 2022/07/06 12:15 p.m.5 views

SUSE-SU-2022:2308-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2022-1292: Fixed command injection in crehash bsc1199166. - CVE-2022-2068: Fixed more shell code injection issues in crehash. bsc1200550 - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode bsc1201099...

10CVSS8AI score0.95764EPSS
Exploits6References8
OSV
OSV
added 2022/01/31 2:11 p.m.7 views

SUSE-SU-2022:0241-1 Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-2467 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacyparseparam which could have led to a local privilege escalation bsc1194517. - CVE-2021-4154: Fixed option parsing with cgroups...

8.8CVSS8AI score0.25151EPSS
Exploits13References9
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.5 views

EdgeX Foundry 加密问题漏洞

EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. A cryptographic issue vulnerability exists in EdgeX's Functions SDK that allows an attacker to decrypt messages via unspecified vectors...

5.7CVSS5.7AI score0.00313EPSS
Exploits0References3
OSV
OSV
added 2021/10/12 11:23 a.m.6 views

SUSE-SU-2021:3352-1 Security update for apache2-mod_auth_openidc

This update for apache2-modauthopenidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis bsc1188638 - CVE-2021-32786: open redirect in logout functionality bsc1188639 - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption bsc1188849 -...

7.5CVSS5.9AI score0.02731EPSS
Exploits2References11
CNVD
CNVD
added 2021/06/16 12:0 a.m.11 views

IBM Resilient Information Disclosure Vulnerability (CNVD-2021-43361)

IBM Resilient is a suite of incident response platforms from IBM in the United States. The platform supports functions such as incident response process orchestration and incident management. A security vulnerability exists in IBM Resilient OnPrem, which can be exploited by an attacker to obtain...

4.4CVSS6.2AI score0.00114EPSS
Exploits0References1
OSV
OSV
added 2021/06/09 11:55 a.m.11 views

SUSE-SU-2021:1913-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in...

8.8CVSS8.3AI score0.07604EPSS
Exploits6References77
Rows per page
Query Builder