CVE-2023-43688

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...

Malwarebytes 安全漏洞

Malwarebytes is an application software developed by the American company Malwarebytes, which provides anti-malware capabilities for devices. This software is designed to protect against viruses, spyware, Trojan horses, worms, dialers, and other malicious software. Versions of Malwarebytes 4.x an...

PT-2026-48307

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2 asserting party metadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verification credentials an...

CVE-2023-43688

CVE-2023-43688 affects Malwarebytes 4.x and 5.x, and Nebula 2020-10-21 and later. The issue is a heap buffer overflow in various buffer encryption utilities . The CVSS metrics indicate a high base score (7.5) with a network attack vector and no user interaction. Connected documents confirm the af...

PT-2026-48156

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

PT-2026-48289

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A bug in the query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE causes...

CVE-2023-43688

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...

PT-2026-48317

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

UBUNTU-CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

grepai 加密问题漏洞

grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of the parameter contenthash in the PostgresStore.LookupByContentHash function within the file...

GL.iNet多款产品 加密问题漏洞

GL.iNet MT3000 and other products are developed by GL.iNet Corporation. The GL.iNet MT3000 is a portable router that uses the Wi-Fi 6 protocol. The GL.iNet AX1800 is a wireless router. The GL.iNet A1300 is a Wi-Fi 5 travel router. Several of GL.iNet’s products have encryption vulnerabilities, whi...

Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption

Impact The experimental Chacha20Poly1305 key-encryption algorithm generates the 16-byte Poly1305 authentication tag during encryptKey but discards it: the tag is never written to the header and therefore never reaches the wire. On the receiving side, decryptKey calls...

PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service

Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

CVE-2025-8873

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

EulerOS Virtualization 2.13.1 : openssl (EulerOS-SA-2026-2142)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short...

RHEL 10 : image-builder (RHSA-2026:22937)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22937 advisory. A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes:...

CVE-2025-59852

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...