Lucene search
+L

95 matches found

NVD
NVD
added 2025/07/25 1:15 p.m.6 views

CVE-2025-38402

In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation fail. Command: ethto...

5.5CVSS0.00145EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/07/25 12:53 p.m.8 views

CVE-2025-38402

In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation fail. Command: ethto...

5.5CVSS5.4AI score0.00145EPSS
Exploits0
CVE
CVE
added 2025/06/18 11:1 a.m.85 views

CVE-2022-50012

CVE-2022-50012 affects the Linux kernel on 64-bit PowerPC (powerpc/64). The root cause is that jump_label_init() is invoked in setup_feature_keys() too late, since static keys may be used by subroutines of parse_early_param(), which itself is a subroutine of early_init_devtree(). The result is th...

5.5CVSS6.5AI score0.00205EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.9 views

PT-2025-25343 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.11.0 Description: The vantage6 server has a predictable JWT secret key generation issue. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This issue...

6.3CVSS6.3AI score0.0033EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/06/04 1:26 p.m.11 views

CVE-2025-48960

Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 Linux, macOS, Windows before build 39938...

5.9CVSS7.2AI score0.00065EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:55 a.m.15 views

CVE-2024-5674

The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the checkapikey function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete...

6.5CVSS6.9AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:34 a.m.9 views

CVE-2024-13370

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the saveaddonkeylicense function in all versions up to, and including, 1.3.3. This makes it possible fo...

6.5CVSS7.4AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:0 a.m.10 views

CVE-2023-51840

DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key...

9.8CVSS7AI score0.00621EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:55 p.m.7 views

CVE-2022-35945

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration...

6.3CVSS6.7AI score0.00558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.6 views

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

7.5CVSS6.8AI score0.00834EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 a.m.11 views

CVE-2013-0148

The Data Camouflage aka FairCom Standard Encryption algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certai...

7.1CVSS7AI score0.00691EPSS
Exploits0References1
NVD
NVD
added 2025/05/13 4:15 p.m.13 views

CVE-2025-47278

Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

1.8CVSS0.0016EPSS
Exploits0References3
OSV
OSV
added 2025/05/13 3:57 p.m.8 views

CVE-2025-47278 Flask uses fallback key instead of current signing key

Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

1.8CVSS6.1AI score0.0016EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-20926

Name of the Vulnerable Software and Affected Versions: Flask versions 3.1.0 Description: The issue arises from the incorrect handling of fallback key configuration in Flask, where the last fallback key is used for signing instead of the current signing key. This is due to Flask constructing the...

1.8CVSS6.3AI score0.0016EPSS
Exploits0References24
CVE
CVE
added 2025/04/11 9:38 a.m.52 views

CVE-2025-31362

BizRobo! is affected by CVE-2025-31362 due to use of a hard-coded cryptographic key (CWE-321). Credentials inside robot files may be obtained if the encryption key is available. Affected product: BizRobo! all versions. Impact stated: credentials in robot files may be disclosed when the key is kno...

3.7CVSS6.7AI score0.00231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2025-0628 Improper Authorization in BerriAI/litellm

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS8.2AI score0.00315EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/07 2:28 a.m.15 views

CVE-2025-27685

Vasion Print formerly PrinterLogic before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001...

7.5CVSS7.1AI score0.00355EPSS
Exploits1References1
CVE
CVE
added 2025/03/04 12:0 a.m.75 views

CVE-2025-26849

CVE-2025-26849 affects Docusnap 13.0.1440.24261 and earlier/later versions due to a hard-coded cryptographic key. This key can be used to decrypt inventory files containing sensitive information (e.g., firewall rules). The description and connected sources confirm the root cause as a hard-coded k...

4.3CVSS4.5AI score0.00234EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2016-8614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible before version 2.2.0. The aptkey module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP ke...

7.5CVSS6.8AI score0.02458EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/19 12:23 p.m.11 views

CVE-2025-0714

The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...

6.5CVSS6.3AI score0.0016EPSS
Exploits0References3
Rows per page
Query Builder