Lucene search
+L

174 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-6964

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0033EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-25346

Malicious code in bioql PyPI...

4.1CVSS5AI score0.00054EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-13215

Malicious code in bioql PyPI...

5.6AI score0.00165EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-3551

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00481EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.7 views

BOSCH ctrlX OS 安全漏洞

BOSCH ctrlX OS is a Linux-based real-time operating system from the German company BOSCH. A security vulnerability exists in BOSCH ctrlX OS that stems from an unclear description of backup file encryption, which could lead to a user misinterpreting the backup file encryption status...

7.1CVSS6.6AI score0.00113EPSS
Exploits0References1
Filippo.io
Filippo.io
added 2025/07/14 3:17 p.m.10 views

Encrypting Files with Passkeys and age

Typage age-encryption on npm is a TypeScript1 implementation of the age file encryption format. It runs with Node.js, Deno, Bun, and browsers, and implements native age recipients, passphrase encryption, ASCII armoring, and supports custom recipient interfaces, like the Go implementation. However...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:54 a.m.7 views

CVE-2024-28146

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

8.4CVSS7AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:44 p.m.11 views

CVE-2022-29053

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it...

3.3CVSS6.8AI score0.00255EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/27 6:36 a.m.10 views

Exposed Dangerous Method Or Function

H2O-3 is vulnerable to Exposed Dangerous Method or Function. The vulnerability is due to improper access control due to an exposed EncryptionTool endpoint that allows an attacker to encrypt files on the target server with a chosen key, potentially leading to ransomware-like behavior by overwritin...

6.5CVSS7AI score0.0033EPSS
Exploits1References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/03/22 12:57 p.m.9 views

CVE-2024-6863

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS6.8AI score0.0033EPSS
Exploits1References1
Snyk
Snyk
added 2025/03/20 12:32 p.m.6 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function through the EncryptionTool endpoint. An attacker can encrypt arbitrary files on the target server with a key of their choosing, making it exceedingly difficult for the target to recover the keys need...

6.9CVSS7AI score0.0033EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.12 views

CVE-2024-6863

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS0.0033EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-6863 Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

6.5CVSS6.5AI score0.0033EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.57 views

CVE-2024-6863

CVE-2024-6863 affects h2oai/h2o-3 v3.46.0 through an endpoint exposing a custom EncryptionTool that allows an attacker to encrypt arbitrary files on the target server with a key of their choosing, with the key potentially overwritable and ransomware-like behavior described. The vulnerability’s im...

6.5CVSS6.5AI score0.0033EPSS
Exploits1References1Affected Software1
Qualys Blog
Qualys Blog
added 2024/12/18 4:14 p.m.11 views

NotLockBit: A Deep Dive Into the New Ransomware Threat

Overview NotLockBit is a new and emerging ransomware family that actively mimics the behavior and tactics of the well-known LockBit ransomware. It distinguishes itself by being one of the first fully functional ransomware strains to target macOS and Windows systems. Distributed as an x8664 golang...

7AI score
Exploits0
NVD
NVD
added 2024/12/12 2:15 p.m.27 views

CVE-2024-28146

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

8.4CVSS0.00267EPSS
Exploits0References3
Securelist
Securelist
added 2024/11/26 10:0 a.m.49 views

Analysis of Elpaco: a Mimic variant

Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...

7.9AI score0.99512EPSS
Exploits75
CNVD
CNVD
added 2024/11/21 12:0 a.m.11 views

TRCore DVC Trust Management Issue Vulnerability

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...

6.2CVSS6.8AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2024/11/18 6:15 a.m.8 views

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/18 5:59 a.m.32 views

CVE-2024-11308 TRCore DVC - Use of Hard-coded Cryptographic Key

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

6.2CVSS0.00155EPSS
Exploits0References2
Rows per page
Query Builder