Lucene search
110 matches found

Snyk
added 2026/04/15 10:16 a.m. | 1 view

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

CVSS 9.3 | AI score 5.7 | EPSS 0.00004
Exploits 0 | References 2
OSV
added 2026/03/30 9:8 p.m. | 0 views

USN-8132-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail did not properly sanitize certain HTML elements within the e-mail body. An attacker could possibly use this issue to cause a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS. CVE-2016-4068, CVE-2016-4069 It was discovered that...

CVSS 8.8 | AI score 5.8 | EPSS 0.38304
Exploits 6 | References 11
CVE
added 2026/03/23 6:17 p.m. | 2 views

CVE-2026-33512

WWBN AVideo (open source video platform) — Affected versions up to 26.0 have an unauthenticated decryptString action in the API plugin that accepts ciphertext and returns plaintext, exposing protected tokens/metadata. Ciphertext is publicly obtainable (e.g., view/url2Embed.json.php). Patch is ava...

CVSS 7.5 | AI score 5.7 | EPSS 0.00046
Exploits 1 | References 2 | Affected Software 1
Github Security Blog
added 2026/03/20 9:55 p.m. | 4 views

AVideo has an unauthenticated decrypt oracle leaking any ciphertext

Summary The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover protected tokens/metadata. Severity: High. Details - Entry:...

CVSS 7.5 | AI score 5.8 | EPSS 0.00046
Exploits 1 | References 4 | Affected Software 1
OSV
added 2026/03/20 9:55 p.m. | 4 views

GHSA-MWJC-5J4X-R686 AVideo has an unauthenticated decrypt oracle leaking any ciphertext

Summary The API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover protected tokens/metadata. Severity: High. Details - Entry:...

CVSS 7.5 | AI score 5.8 | EPSS 0.00046
Exploits 1 | References 4
Github Security Blog
added 2026/03/17 6:31 a.m. | 1 view

sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

CVSS 8.7 | AI score 5.8 | EPSS 0.00019
Exploits 1 | References 6 | Affected Software 1
CNNVD
added 2026/02/24 12:0 a.m. | 3 views

Binardat 10G08-0800GSM security vulnerability

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network SwitchV300SP10260209 earlier versions had a security vulnerability. This vulnerability stemmed from the use of Base64 encoding for storing user passwords in client cookies,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 2
CVE
added 2025/12/04 12:0 a.m. | 4 views

CVE-2025-63364

The CVE-2025-63364 entry affects Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi‑Fi Gateway, Firmware V3.1.1.0 with hardware 4.3.2.1 and Webpage V7.04T.07.002880.0301. The vulnerability is that the device transmits Administrator credentials in plaintext over the network, exposing confid...

CVSS 7.5 | AI score 6.8 | EPSS 0.00033
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2025/11/17 12:0 a.m. | 5 views

CVE-2025-63292

Freebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...

EPSS 0.00008
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-4347

Malware in sbrugna...

CVSS 6.5 | AI score 7.8 | EPSS 0.01043
Exploits 0 | References 16
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-2534

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00174
Exploits 1 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-2526

Malware in sbrugna...

CVSS 4.3 | AI score 5 | EPSS 0.00139
Exploits 1 | References 5
OSV
added 2025/09/12 11:46 a.m. | 2 views

BIT-NIFI-2020-1942

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was...

CVSS 7.5 | AI score 6.6 | EPSS 0.00165
Exploits 0 | References 2
Tenable Nessus
added 2025/09/05 12:0 a.m. | 4 views

Ubuntu 18.04 LTS / 20.04 LTS : KMail vulnerabilities (USN-7731-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7731-1 advisory. Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk...

CVSS 6.5 | AI score 6.7 | EPSS 0.00447
Exploits 2 | References 3
Tenable Nessus
added 2025/09/03 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-10734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts...

CVSS 4.3 | AI score 5.1 | EPSS 0.00117
Exploits 1 | References 2
OSV
added 2025/09/02 6:37 p.m. | 0 views

USN-7730-1 kf5-messagelib vulnerabilities

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain...

CVSS 5.9 | AI score 7.2 | EPSS 0.00447
Exploits 3 | References 3
OSV
added 2025/09/02 4:41 p.m. | 1 view

USN-7729-1 kdepim vulnerabilities

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Und...

CVSS 6.5 | AI score 7.1 | EPSS 0.00447
Exploits 3 | References 5
Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-10376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gajim through 0.16.7 unconditionally implements the XEP-0146: Remote Controlling Clients extension. This can be abused by malicious XMPP servers to, for example...

CVSS 4.5 | AI score 5 | EPSS 0.00523
Exploits 0 | References 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-36672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to th...

CVSS 5.7 | AI score 6.3 | EPSS 0.00036
Exploits 1 | References 2
SUSE CVE
added 2025/07/24 11:22 p.m. | 1 view

SUSE CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

CVSS 4 | AI score 6.8 | EPSS 0.00428
Exploits 1 | References 3