215 matches found
CVE-2026-9220
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
CVE-2026-9220 Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...
Malicious code in @briskforge/envcheck (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09dba573f5d6cb00b09562870f2148b3e539786f5d801f2a263338301d759313 The package advertises itself as a tiny environment-variable validator but ships lib/preflight.js, a heavily obfuscated obfuscator.io string-array...
GL.iNet多款产品 加密问题漏洞
GL.iNet MT3000 and other products are developed by GL.iNet Corporation. The GL.iNet MT3000 is a portable router that uses the Wi-Fi 6 protocol. The GL.iNet AX1800 is a wireless router. The GL.iNet A1300 is a Wi-Fi 5 travel router. Several of GL.iNet’s products have encryption vulnerabilities, whi...
CVE-2026-11347
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
CVE-2026-8876
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...
CVE-2026-42518
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic...
CVE-2026-11347
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
EUVD-2026-34811
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
CVE-2026-11347
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
CVE-2026-11347
The CVE-2026-11347 entry describes vulnerabilities in the linqi application: hardcoded cryptographic keys and a weak IV-generation mechanism for AES/CBC using a limited ASCII charset. This combination enables known-plaintext attacks and allows an attacker with local access to decrypt obfuscated s...
PT-2026-46913
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
CVE-2026-8876
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...
EUVD-2026-34162
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from the use of hardcoded DES keys for encrypting configuration backups, which may allow attackers to decry...
PT-2026-46049
Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software contains hardcoded, plaintext AES passphrases within the securly.min.js file. These passphrases are used to decrypt intervention site data and crisis alert keyword data...
Malicious code in mathepy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1 Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable init.py exposes 13 top-level functions askllm,...
MAL-2026-4755 Malicious code in mathepy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1 Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable init.py exposes 13 top-level functions askllm,...