CVE-2026-5363 Use of weak cryptographic key in TP-Link Archer C7

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

Anonymizing Network Traffic: A Dive into SOCKS5 and Data Encryption

SOCKS5 protocol explained: anonymize traffic, boost security with encryption, bypass restrictions, and enable reliable data collection for business use...

Securing Remote Server Access: Why VPNs Matter for Administrators

VPNs help secure remote server access by encrypting traffic, restricting entry to authorized users, and reducing exposure of critical systems to the internet...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486 Apache Tomcat EncryptInterceptor Bypass Vulnera...

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

No d...

PT-2026-33186

Name of the Vulnerable Software and Affected Versions TP-Link Archer C7 versions v5 and v5.8 through Build 20220715 Description Inadequate encryption strength in the uhttpd modules allows for password recovery exploitation. The web interface encrypts the admin password client-side using RSA-1024...

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java from 1.49 to 1.84 contained security vulnerabilities. These vulnerabilities were due to the use of defective encryption algorithms, which could allow empty...

Grafana Loki 安全漏洞

Grafana Loki is an open-source log aggregation system developed by Grafana. There is a security vulnerability in Grafana Loki, which stems from insufficient validation of path traversal sequences. This vulnerability could allow attackers to read Ruler API endpoint files through double-encryption...

PT-2026-33030

Name of the Vulnerable Software and Affected Versions BC-JAVA versions prior to 1.84 Description An issue in the bcpg modules allows for unbounded PGP AEAD chunk size, which can lead to pre-authentication resource exhaustion. Resource exhaustion occurs when a system lacks limits or throttling on...

EUVD-2025-209440

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVE-2025-8095

CVE-2025-8095 describes a vulnerability in the OECH1 prefix encoding used by the OpenEdge platform. The encoding is cryptographically weak and unsuitable for stored encodings or enterprise applications; OECH1 should be considered exploitable and immediately replaced with a supported prefix encodi...

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

JLSEC-2026-108 Deno's AES GCM authentication tags are not verified

Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...

Progress OpenEdge 安全漏洞

Progress OpenEdge is an enterprise-level application development and database management platform provided by the American company Progress. There is a security vulnerability in Progress OpenEdge, which stems from the weak encryption strength of the OECH1 prefix encoding. This vulnerability may...