25816 matches found
CVE-2026-20157
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
EUVD-2026-44718
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20157
Technical details are not publicly available in provided documents. The CVE entry mentions missing encryption under CWE-311 and a Cisco RoomOS hardening release, but specific affected products, versions, root cause, impact, or fixes are not disclosed here. Monitor for updates.
CVE-2026-20157 Cisco RoomOS Security Hardening Release - Missing Encryption Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
WAVLINK WN530HG4 - Improper Access Control
WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...
DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
DNN DotNetNuke versions 9.2 through 9.2.1 use a weak encryption algorithm to protect input parameters. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code execution. id: CVE-2018-15811 info: name: DotNetNuke...
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...
openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
CVE-2026-22093
The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...
CVE-2026-22093
CVE-2026-22093 affects EVbee Service app (v1.4.101.00). The issue arises because the Android app performs TLS/HTTPS communication but does not validate the server certificate, enabling a man‑in‑the‑middle attacker on the network path to intercept and manipulate traffic. Additionally, the app is d...
CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app
The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
The WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes...
Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass
A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...
Important: Red Hat Security Advisory: tomcat security, bug fix, and enhancement update
An update for tomcat is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Malicious code in solidity-dev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30501f6602a5b5b436ef5d6224ec332fa866c9e8b9da4d0de3bc69de868b1fff soliditydev/init.py contains a large base64-encoded Linux x8664 ELF binary in PAYLOADB64. On import soliditydev, the module decodes the blob, writes ...