PT-2026-33487
Name of the Vulnerable Software and Affected Versions: xrdp versions prior to 0.10.6. Description: xrdp fails to implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when the Classic RDP Security layer is used. Although signatures are generated by the...
Apache Tomcat 10.1.22 < 10.1.54 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.54. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.54_security-10 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusteri...
Apache Tomcat 9.0.92 < 9.0.117 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.117. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.117_security-9 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin...
[SECURITY] Fedora 44 Update: plasma-vault-6.6.4-1.fc44
Plasma Vault allows users to lock and encrypt sets of documents and hide them from prying eyes even when the user is logged in...
SUSE CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
Flowise: Weak Default Token Hash Secret
Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Location | packages/server/src/enterprise/utils/tempTokenUtils.ts:31-34 |
| Practical Exploitability | Medium |
| Developer Approver | [email protected] |

Description: The encryption key for token encryption has a weak...
GHSA-M7MQ-85XJ-9X33 Flowise: Weak Default Token Hash Secret
Detection Method: Kolega.dev Deep Code Scan

| Attribute | Value |
|---|---|
| Location | packages/server/src/enterprise/utils/tempTokenUtils.ts:31-34 |
| Practical Exploitability | Medium |
| Developer Approver | [email protected] |

Description: The encryption key for token encryption has a weak...
Exploit for Missing Encryption of Sensitive Data in Apache Tomcat
CVE-2026-34486-Tribes Apache Tomcat Tribes cluster communicat...
CVE-2026-41015
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...
DEBIAN-CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
EUVD-2026-23153
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
EUVD-2026-23137
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...
CVE-2026-5363
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...
TP-Link Archer C7 security vulnerability
The TP-Link Archer C7 is a router produced by the TP-Link company. The TP-Link Archer C7 Build 20220715 and earlier versions have security vulnerabilities. These vulnerabilities stem from insufficient encryption strength, which may allow password recovery attacks to occur...
CVE-2026-5363 Use of weak cryptographic key in TP-Link Archer C7
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...
CVE-2026-5363
TP-Link Archer C7 v5/v5.8 (uhttpd) is affected by CVE-2026-5363 due to inadequate encryption strength: the admin password is encrypted client-side with RSA-1024 before login, allowing an adjacent attacker to brute-force or factor the 1024-bit key and recover plaintext credentials, leading to unau...
CVE-2026-5363
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...
Anonymizing Network Traffic: A Dive into SOCKS5 and Data Encryption
SOCKS5 protocol explained: anonymize traffic, boost security with encryption, bypass restrictions, and enable reliable data collection for business use...