Lucene search
+L

264 matches found

Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-58189

Name of the Vulnerable Software and Affected Versions Windows Key Guard affected versions not specified Description A risky implementation of a cryptographic primitive in Windows Key Guard allows an authorized local attacker to bypass a security feature and expose secrets. Recommendations At the...

5.5CVSS6.1AI score0.00202EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 9:47 a.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise

Summary Multiple vulnerabilities were addressed in IBM DataStax Enterprise 6.9.23 Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is...

9.9CVSS7.3AI score0.01339EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/06/17 10:30 a.m.18 views

The Top 10 Attack Surface Exposures in 2026

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without...

5.7AI score
Exploits0
hivepro
hivepro
added 2026/05/26 10:10 a.m.12 views

Identity Exposure Management: Risks and Response

Start with the path that carries risk. Security teams need a clear view of access risk. Stolen tokens and excessive privileges turn legitimate access into an attack route. Identity risk becomes urgent when one exposed account opens a path across critical systems. Identity exposure management is t...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/15 11:0 a.m.19 views

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust , we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your I...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/02 6:27 p.m.352 views

l4ki-TooL

TCP Port Scanner A simple Python tool that scans TCP ports on...

9.8CVSS7AI score0.99992EPSS
Exploits175
Snyk
Snyk
added 2026/04/21 8:0 p.m.6 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the key generation. An attacker can compromise the confidentiality of generated cryptographic keys by exploiting weak or predictable key material. Remediation A fix was pushed into the...

2.9CVSS7.2AI score0.00122EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/21 7:23 p.m.7 views

CVE-2026-5588

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

7.5CVSS5.4AI score0.00392EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 3:18 a.m.3 views

CVE-2026-32959

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack...

8.2CVSS5.7AI score0.00209EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2026/04/15 10:16 a.m.6 views

CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

7.5CVSS7.1AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2026/04/15 10:16 a.m.5 views

UBUNTU-CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

7.5CVSS5.8AI score0.00392EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33031

Name of the Vulnerable Software and Affected Versions BC-JAVA versions 1.49 through 1.83 BCPKIX-FIPS versions 2.0.6 through 2.0.10 BCPKIX-FIPS versions 2.1.7 through 2.1.10 Description The PKIX draft CompositeVerifier accepts an empty signature sequence as valid. This issue is associated with the...

7.5CVSS6.7AI score0.00392EPSS
Exploits0References314
EUVD
EUVD
added 2026/04/06 9:31 p.m.5 views

EUVD-2026-19482

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

6.3CVSS5.1AI score0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/06 7:45 p.m.28 views

CVE-2026-5682 Meesho Online Shopping App com.meesho.supply endpoint risky encryption

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

6.3CVSS0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/04/06 7:45 p.m.8 views

CVE-2026-5682

CVE-2026-5682 affects Meesho Online Shopping App (Android) in the com.meesho.supply component, specifically an unknown function in /api/endpoint. The issue arises from manipulation that leads to a risky cryptographic algorithm. Attack surface is remote, with high complexity required for exploitat...

6.3CVSS5.1AI score0.00188EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/18 10:33 p.m.5 views

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the HelloChrome120, HelloChrome120PQ, HelloChrome131 and HelloChrome133 symbols due to inconsistent ciphersuite selection between the outer ClientHello and ECH for GREASE...

5.3CVSS5.6AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/18 7:30 p.m.7 views

CVE-2026-2618

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

7.4CVSS4.9AI score0.0034EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/18 4:45 p.m.26 views

CVE-2026-20137 Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

3.5CVSS0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 5:21 p.m.12 views

CVE-2026-2618

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

7.4CVSS0.0034EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/17 4:32 p.m.3 views

CVE-2026-2618 Beetel 777VR1 SSH Service risky encryption

A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The...

6.3CVSS4.9AI score0.0034EPSS
Exploits1References5
Rows per page
Query Builder