Lucene search

25566 matches found

CNNVD
added 2026/02/19 12:0 a.m. | 7 views

go-ethereum security vulnerability

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained security vulnerabilities. These vulnerabilities stemmed from defects in the ECIES encryption implementation, allowing attackers to extract bits from the keys of p2p nod...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00447
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 11 views

PT-2026-20966

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.18.0 through 1.18.5. Description: Cilium, a networking, observability, and security solution utilizing an eBPF-based dataplane, is affected by an issue where traffic from Pods on other nodes may be incorrectly permitted. This...

CVSS: 9.9 | AI score: 5.4 | EPSS: 0.27661
Exploits: 45 | References: 124

Amazon
added 2026/02/19 12:0 a.m. | 7 views

Medium: runfinch-finch

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

CVSS: 10 | AI score: 5.8 | EPSS: 0.01945
Exploits: 3

Github Security Blog
added 2026/02/18 10:33 p.m. | 5 views

uTLS has a fingerprint vulnerability from GREASE ECH mismatch for Chrome parrots

There is a fingerprint mismatch with Chrome when using GREASE ECH, having to do with ciphersuite selection. When Chrome selects the preferred ciphersuite in the outer ClientHello and the ciphersuite for ECH, it does so consistently based on hardware support. That means, for example, if it prefers...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00154
Exploits: 0 | References: 6 | Affected Software: 1

IBM Security Bulletins
added 2026/02/18 10:9 p.m. | 9 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details: Refer to the security bulletins listed in the...

CVSS: 4.9 | AI score: 5.5 | EPSS: 0.0031
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/18 10:7 p.m. | 10 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details: Refer to the security bulletins listed in the...

CVSS: 4.9 | AI score: 5.6 | EPSS: 0.0031
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/18 10:5 p.m. | 8 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details: Refer to the security bulletins listed in the...

CVSS: 4.9 | AI score: 5.5 | EPSS: 0.0031
Exploits: 0 | Affected Software: 1

Amazon
added 2026/02/18 12:0 a.m. | 9 views

Medium: runc

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processed at the incorrect encryption level (CVE-2025-61730); crypto/tls: Config.Clone copies...

CVSS: 10 | AI score: 8.3 | EPSS: 0.01945
Exploits: 2

OSV
added 2026/02/17 6:9 p.m. | 6 views

GO-2026-4478 Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server

Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.00656
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/17 4:32 p.m. | 3 views

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

CVSS: 6.3 | AI score: 4.9 | EPSS: 0.0034
Exploits: 1 | References: 5

RedHat Linux
added 2026/02/17 9:15 a.m. | 4 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVSS: 7.5 | AI score: 6 | EPSS: 0.01744
Exploits: 0 | References: 4

The Hacker News
added 2026/02/17 6:44 a.m. | 7 views

Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for...

AI score: 5.9
Exploits: 0

Fedora
added 2026/02/17 1:16 a.m. | 8 views

[SECURITY] Fedora 42 Update: gnupg2-2.4.9-2.fc42

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

CVSS: 8.4 | AI score: 5.5 | EPSS: 0.00421
Exploits: 1

CNNVD
added 2026/02/17 12:0 a.m. | 6 views

IBM Security QRadar EDR cryptographic issue vulnerability

IBM Security QRadar EDR is endpoint detection and response software developed by the American multinational company IBM. There are vulnerabilities related to encryption in versions 3.12 to 3.12.23 of IBM Security QRadar EDR. These vulnerabilities stem from the use of encryption algorithms that...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00143
Exploits: 0 | References: 1

Packet Storm News
added 2026/02/17 12:0 a.m. | 22 views

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...

AI score: 5.5
Exploits: 0

CNNVD
added 2026/02/17 12:0 a.m. | 5 views

Beetel 777VR1 cryptographic issue vulnerability

Beetel 777VR1 is a router produced by the Beetel company. Beetel 777VR1 versions 01.00.09 and earlier have a security vulnerability related to encryption algorithms used by the SSH Service component...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.0034
Exploits: 1 | References: 5

Packet Storm News
added 2026/02/17 12:0 a.m. | 2 views

DARTH-PUM: A Hybrid Processing-Using-Memory Architecture

Analog processing-using-memory (PUM; a.k.a. in-memory computing) makes use of electrical interactions inside memory arrays to perform bulk matrix-vector multiplication (MVM) operations. However, many popular matrix-based kernels need to execute non-MVM operations, which analog PUM cannot directly...

AI score: 5.8
Exploits: 0

FreeBSD
added 2026/02/17 12:0 a.m. | 6 views

go-ethereum -- vulnerabilities

https://github.com/ethereum/go-ethereum/security/advisories reports: DoS via malicious p2p message (CVE-2026-26313); DoS via malicious p2p message (CVE-2026-26314); Improper ECIES Public Key Validation in RLPx Handshake (CVE-2026-26315)...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.0058
Exploits: 0 | References: 3

The Hacker News
added 2026/02/16 6:6 p.m. | 10 views

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an...

AI score: 6.2
Exploits: 0

Vulnrichment
added 2026/02/15 10:58 a.m. | 3 views

CVE-2026-2539 Micca KE700 Cleartext transmission of key fob ID

The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and counters transmitted in cleartext, which is sensitive information required for authentication...

CVSS: 7.1 | AI score: 5.5 | EPSS: 0.00128
Exploits: 0 | References: 1