CVE-2026-6146

CVE-2026-6146 affects Perl module Amazon::Credentials up to version 1.2.0. The root cause is the use of Perl’s built‑in rand to generate encryption keys, with secrets stored in an obfuscated form but not securely encrypted. Prior to 1.3.0, a 64‑bit key derived from rand is used, which is predicta...

PT-2026-39740

Name of the Vulnerable Software and Affected Versions Amazon::Credentials versions prior to 1.3.0 Description Amazon::Credentials stores credentials in an obfuscated form to prevent secrets from being accessed via a data dump of the object. The software uses a 64-bit key generated by the built-in...

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

Modified Security Analysis of Device-Independent Quantum Key Distribution with Random Key Basis

Security analysis is a critical part in any cryptographic protocol, may it be classical or quantum. Without security analysis, one cannot ensure the secrecy of the distributed keys. To perform a conclusive security analysis, it is very often necessary to frame the problem as an optimization...

FreeFrom Security Vulnerabilities

FreeFrom is an application from FreeFrom, Inc. dedicated to bringing privacy and free speech back to SNSs. A security vulnerability exists in versions of FreeFrom prior to 1.3.5 that stems from the application's reuse of random number key pairs, resulting in direct message DM content between user...

PrestaShop 信息泄露漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. An information disclosure vulnerability exists in PrestaShop versions prior to 8.1.6, which stems from the...

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

SUSE CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

Hardcoded credentials

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

CVE-2021-34588

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

Code injection

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

CVE-2021-34588 Bender Charge Controller: Unprotected data export

In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

UBUNTU-CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transitionkey for SST processes in place of the random key expected...

iNextrix Technologies iNextrix ASTPP Security Feature Issue Vulnerability

INextrix Technologies INextrix ASTPP is an open source VoIP Voice over IP billing solution from INextrix Technologies, UK. iNextrix Technologies A security feature issue vulnerability exists in versions prior to iNextrix ASTPP 4.0.1, which stems from the...