Lucene search
K

1455 matches found

NVD
NVD
added 2026/05/06 12:16 p.m.6 views

CVE-2026-43134

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAPLECONNREQ This adds a check for encryption key size upon receiving L2CAPLECONNREQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAPCRLEBADKEYSIZE...

8.1CVSS0.00177EPSS
Exploits0References8
CVE
CVE
added 2026/05/06 11:27 a.m.21 views

CVE-2026-43134

The CVE-2026-43134 entry affects the Linux kernel Bluetooth stack. The root cause is a missing encryption key size check in the L2CAP_LE_CONN_REQ handling, which could permit a malformed L2CAP LE connection request and trigger a protocol violation. A patch was added to perform the key-size valida...

8.1CVSS5.8AI score0.00177EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.7 views

CVE-2026-43134

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAPLECONNREQ This adds a check for encryption key size upon receiving L2CAPLECONNREQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAPCRLEBADKEYSIZE...

5.8AI score0.00177EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.28 views

CVE-2026-43134 Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAPLECONNREQ This adds a check for encryption key size upon receiving L2CAPLECONNREQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAPCRLEBADKEYSIZE...

8.1CVSS0.00177EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37474

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Bluetooth L2CAP component fails to perform a key size check when receiving L2CAP LE CONN REQ. This missing validation is contrary to the L2CAP/LE/CFC/BV-15-C requirement, which expec...

8.1CVSS5.4AI score0.00177EPSS
Exploits0
NVD
NVD
added 2026/04/24 3:16 p.m.15 views

CVE-2026-31543

In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

5.5CVSS0.00121EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/24 2:33 p.m.3 views

CVE-2026-31543

In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

5.5CVSS5.2AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.11 views

PT-2026-51774

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The software uses a weak hardcoded default value 'Secre$t' for the TOKEN HASH SECRET environment variable in the packages/server/src/enterprise/utils/tempTokenUtils.ts file when the variable is not...

5.6CVSS6.2AI score0.00093EPSS
Exploits0References9
Snyk
Snyk
added 2026/04/09 6:31 p.m.7 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 3:52 p.m.17 views

CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 3:52 p.m.2 views

CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

5.8AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.13 views

Intel Core Processors 安全漏洞

Intel Core Processors are central processing units CPUs from Intel Corporation in the Intel Core series. Intel Core Processors have a security vulnerability that arises from using the default encryption key, which may lead to an increase in privileges...

6.6CVSS5.8AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/06 4:12 p.m.5 views

EUVD-2026-19360

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

10CVSS5.9AI score0.00452EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Dialogue App 安全漏洞

Dialogue App is an artificial intelligence dialogue application developed by Dialogue Company. Versions of Dialogue App 4.3.2 and earlier contained security vulnerabilities, which were caused by the use of a hardcoded encryption key for the parameter SEGMENTWRITEKEY...

4.8CVSS5.8AI score0.00106EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29916

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

10CVSS6AI score
Exploits0References5
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

HCL BigFix Platform 安全漏洞

The HCL BigFix Platform is a developed by the Indian company HCL. This platform supports automatic discovery, management, and remediation of endpoint security issues. There are security vulnerabilities in the HCL BigFix Platform, which stem from insecure private encryption key permissions. This m...

8.8CVSS5.8AI score0.00101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 5:4 p.m.4 views

CVE-2026-34236

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...

8.2CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/29 3:30 p.m.2 views

GHSA-VJQW-W5JR-G9W5 Duplicate Advisory: OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g353-mgv3-8pcj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only...

8.8CVSS6AI score0.00247EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:27 a.m.6 views

SUSE CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

7.6CVSS5.9AI score0.0014EPSS
Exploits0References3
Rows per page
Query Builder