The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
Ransomware that combines robust encryption with rapid lateral movement significantly increases th...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the managed authenticated encryptor while computing HMAC validation tag. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Note: Shared framework...
Timing Attack
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server response times to crafted authentication requests. Remediation Upgrade...
MAL-2025-3297 Malicious code in keypair-encryptor (npm)
Source: ghsa-malware 7c02f1145632762977fc8763c9f6ee3f5c9272b45196357654217a1bc1ce13bd. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Unwrapping the emerging Interlock ransomware attack
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain, including a Remote Access Tool (RAT)...
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage...
CVE-2023-49113
The CVE-2023-49113 issue concerns Kiuwan SAST and Kiuwan Local Analyzer (KLA). The vulnerability is a data leakage risk caused by hard-coded secrets found in JARs: InsightServicesConfig.properties contains insight.github.user and insight.github.password, and Encryptor.properties includes the encr...
PT-2024-13679 · Github · Github
Name of the Vulnerable Software and Affected Versions: Kiuwan SAST, versions prior to the fixed version; Kiuwan Local Analyzer (KLA), affected versions not specified. Description: The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format,...
PT-2024-40444 · Nzo · Nzo/Url-Encryptor-Bundle
Name of the Vulnerable Software and Affected Versions: nzo/url-encryptor-bundle versions prior to 5.0.1; nzo/url-encryptor-bundle versions prior to 4.3.2. Description: The issue is related to the lack of mandatory key and IV requirements in the affected versions. By default, the bundle uses the...
Monti Ransomware Unleashes a New Encryptor for Linux
The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions...
Shoggoth - Asmjit Based Polymorphic Encryptor
Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader in an obfuscated form. Since the content of the output is...
Ransomware review: February 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacke...
MAL-2022-4706 Malicious code in mrg-api-encryptor (npm)
Source: ghsa-malware cacc8b4e8b48f1916b0c225f97eea1e6bec4d8b19cf30936fd4b041ab16704ff. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Shellcode-Encryptor - A Simple Shell Code Encryptor/Decryptor/Executor To Bypass Anti Virus
A simple shell code encryptor/decryptor/executor to bypass antivirus. Note: I have completely redone the workflow for creating the bypass; I have found injecting the binary into memory using PowerShell to be the most effective method. Purpose: To generate a .Net binary containing base64 encoded, AE...
Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)
Red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of a selected binary inside memory streams and executes it directly without writing any malicious indicator to the hard drive. Mortar is able to...
Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers
For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty...