GHSA-97W9-V595-3H5Q cryptidy allows code execution via untrusted data due to pickle.loads

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...

EUVD-2005-3255

Malware in sbrugna...

EUVD-2007-0416

Malware in sbrugna...

EUVD-2022-6668

Malicious code in bioql PyPI...

EUVD-2022-5003

Malicious code in bioql PyPI...

EUVD-2025-13250

Malicious code in bioql PyPI...

EUVD-2025-1595

Malicious code in bioql PyPI...

EUVD-2023-25611

Malicious code in bioql PyPI...

EUVD-2022-6714

Malicious code in bioql PyPI...

ABB RMC-100 安全漏洞

The ABB RMC-100 is a remote modular controller from ABB Switzerland. Capable of managing automation, liquid and gas measurements, asset data centralization for large production and transmission facilities. A security vulnerability exists in the ABB RMC-100 that stems from the use of hard-coded...

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

Sungrow iSolarCloud 安全漏洞

Sungrow iSolarCloud Sunshine Cloud is a software for monitoring and managing PV power plants from China's Sunny Power Sungrow. A security vulnerability exists in Sungrow iSolarCloud, which stems from an under-restricted MQTT service that could result in subscribing to arbitrary topics and...

CVE-2024-45165

An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "c2007 UCI Software GmbH B.Boll" without quotes. The key is both static and hardcoded. With access to messages, this results...

CVE-2024-50697

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow...

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1440)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1326)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVE-2024-50697

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow...

CVE-2024-50697

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow...