57 matches found
CVE-2026-36609
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...
CVE-2026-6866
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...
Data Sharing Framework security vulnerability
Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained security vulnerabilities, which were caused by the incorrect use of reverse time comparison logic in the OIDC and...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lock order reversal between nfc_unregister_device and rfkill_fop_write, which could lead to a deadlock...
SUSE SLES12 Security Update : curl (SUSE-SU-2026:0066-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0066-1 advisory. - CVE-2025-14524: Fixed bearer token leak on cross-protocol redirect (bsc#1255731) - CVE-2025-15079: Fixed unknown host connection acceptance when...
CVE-2025-14819
CVE-2025-14819 concerns libcurl. When performing TLS transfers with reused easy/multi handles and altering CURLSSLOPT_NO_PARTIALCHAIN, libcurl could reuse a CA store cached in memory where the partial-chain setting was reversed, causing it to accept a trust chain it would otherwise reject. This i...
Traefik security vulnerability
Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A security vulnerability exists in Traefik versions 3.5.0 through 3.6.2, which stems from a reversal of TLS authentication logic and could lead to a man-in-the-middle attack...
AVEVA Edge encryption issue vulnerability
AVEVA Edge is a highly scalable and flexible HMI/SCADA software from UK-based Jianwei Software AVEVA. AVEVA Edge suffers from an encryption issue vulnerability that stems from an attacker being able to reverse engineer an Edge user's application native password or Active Directory password by...
Machine and Deep Learning for Indoor UWB Jammer Localization
Ultra-wideband (UWB) localization delivers centimeter-scale accuracy but is vulnerable to jamming attacks, creating security risks for asset tracking and intrusion detection in smart buildings. Although machine learning (ML) and deep learning (DL) methods have improved tag localization, localizing...
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbe...
SUSE CVE-2024-35998
In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock...
AZL-55440 CVE-2024-35998 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock...
UBUNTU-CVE-2024-35998
In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock...
DEBIAN-CVE-2024-26740
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: use the backlog for mirred ingress The test Davide added in commit ca22da2fbd69 ("act_mirred: use the backlog for nested calls to mirred ingress") hangs our testing VMs every 10 or so runs, with the familiar...
PT-2024-21496
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises when reversing the flow of traffic with the redirect egress - ingress, potentially reaching the same socket that generated the packet while still holding its socket lock...
VulnCheck KEV: CVE-2017-8226
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...
L2 deposits might be reverted
Lines of code Vulnerability details Impact L1ERC20Bridge and L1EthBridge contracts have claimFailedDeposit function to withdraw funds from the initiated deposit, which failed when finalizing on L2. However, if the caller is allowed in senderCanCallFunction modifier, this function can be used to...
Google Urged to Stop Tracking Location Data Ahead of Roe Reversal
Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections...
CVE-2022-25156
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120ENCPU all...
UniswapV3's path issue for swapExactOutput
Handle cmichel Vulnerability details UniswapV3 expects a path object like tokenA, feeAB, tokenB, feeBC, tokenC. The UniV3Trader.swapExactOutput code tries to reverse this path to get to tokenC, feeBC, tokenB, feeAB, tokenA but that's not what the reverseBytes function does. Note that it reverts t...