65 matches found
EUVD-2026-34811
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
EUVD-2025-135406
Malicious code in thumbi-ivs-trsud npm...
EUVD-2025-135407
Malicious code in thumbi-ivs-trsud npm...
EUVD-2021-14253
Malware in sbrugna...
EUVD-2023-42714
Malicious code in bioql PyPI...
EUVD-2022-28486
Malicious code in bioql PyPI...
EUVD-2023-42715
Malicious code in bioql PyPI...
EUVD-2023-42716
Malicious code in bioql PyPI...
EUVD-2024-17440
Malicious code in bioql PyPI...
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability...
CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload...
CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...
CVE-2021-27499
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5. The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...
CVE-2020-0407
In various functions in fscryptice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption...
CVE-2024-1706
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input hi leads to cross site scripting. The attack may be launch...
CVE-2024-1706 ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2024-1706
CVE-2024-1706 affects ZKTeco ZKBio Access IVS up to 3.3.2, specifically the Department Name Search Bar component. The vulnerability is an input-based cross-site scripting (XSS) issue that can be exploited remotely; exploitation requires user interaction. Public disclosures exist. The vendor notes...
ZKTeco BioAccess IVS Cross-Site Scripting Vulnerability
ZKTeco BioAccess IVS is a lite web-based security platform from China-based ZKTeco. A cross-site scripting vulnerability exists in ZKTeco BioAccess IVS 3.3.2 and earlier versions, which stems from cross-site scripting in the component Department Name Search Bar...
PT-2024-18239 · Zkteco · Zkbio Access Ivs
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio Access IVS versions up to 3.3.2 Description: A problematic issue has been found in the Department Name Search Bar component, allowing for cross-site scripting through the manipulation of input, such as hi. This can be exploited...