SUSE CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

CVE-2026-34527

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization in the process that forwards DoQ queries to UDP upstreams, where the DNS transaction ID txid is not preserved and is always set to 0, reducing entropy in the backend tuple. An attacker can increase the likelihoo...

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization in the process that forwards DoQ queries to UDP upstreams, where the DNS transaction ID txid is not preserved and is always set to 0, reducing entropy in the backend tuple. An attacker can increase the likelihoo...

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization in the process that forwards DoQ queries to UDP upstreams, where the DNS transaction ID txid is not preserved and is always set to 0, reducing entropy in the backend tuple. An attacker can increase the likelihoo...

SUSE CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

CVE-2026-34527

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

CVE-2026-34527

CVE-2026-34527 affects Sandboxie-Plus for Windows (versions 1.17.2 and earlier). The vulnerability arises in SbieIniServer::HashPassword, where the high nibble of each SHA-1 digest byte is extracted incorrectly (shifted by 8 instead of 4). This causes the stored EditPassword hash to preserve only...

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

EUVD-2026-27466

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

PT-2026-37249

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus prior to 1.17.2 contained a security vulnerability. This vulnerability stemmed from the HashPassword function, which incorrectly shifted the high half-bits 8 positions to the right instead o...

PT-2026-37230

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

UBUNTU-CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

CVE-2025-13353 gokey allows secret recovery from a seed file without the master password

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

gokey 安全漏洞

gokey is a Go language library open-sourced by Cloudflare. A security vulnerability exists in gokey versions prior to 0.2.0, which stems from a flaw in the seed decryption logic that could lead to password entropy reduction and password recovery attacks...

Weak Encoding for Password

Overview @strapi/admin is a Strapi Admin Affected versions of this package are vulnerable to Weak Encoding for Password in to the implementation of password hashing. An attacker can reduce the effective entropy of user passwords and potentially mislead users about the required password length by...

EUVD-2019-6763

Malware in sbrugna...

EUVD-2012-2722

Malware in sbrugna...