7 matches found

IBM AIX
added 2026/03/09 2:38 p.m., 7 views

Multiple vulnerabilities impact AIX due to OpenSSL

IBM SECURITY ADVISORY First Issued: Mon Mar 9 14:38:01 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssladvisory46.asc Security Bulletin: Multiple vulnerabilities impact AIX due to OpenSSL...

8.8 CVSS, 7.4 AI score, 0.02889 EPSS
Exploits: 7
CVE
added 2025/12/04 12:0 a.m., 7 views

CVE-2025-63363

CVE-2025-63363 affects Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi‑Fi Gateway. The root cause is a lack of Management Frame Protection in firmware version 3.1.1.0 (HW 4.3.2.1; Webpage 7.04T.07.002880.0301), enabling de‑authentication attacks via crafted frames broadcast without auth...

7.5 CVSS, 6.9 AI score, 0.00076 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/10/15 7:19 a.m., 3 views

CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

0.00078 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/15 7:19 a.m., 18 views

CVE-2025-55039

CVE-2025-55039 affects Apache Spark prior to 3.4.4, 3.5.2 and 4.0.0. When spark.network.crypto.enabled is true (default false) and spark.network.crypto.cipher is not configured, Spark uses AES/CTR/NoPadding for RPC traffic, enabling encryption without authentication. A MITM could flip bits in cip...

6.5 CVSS, 6.3 AI score, 0.00078 EPSS
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2022/05/17 1:17 a.m., 13 views

SimpleSAMLphp Unauthenticated encryption in CBC mode

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9 CVSS, 6.3 AI score, 0.0026 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/05/17 1:17 a.m., 21 views

GHSA-44PR-MGCP-V36R SimpleSAMLphp Unauthenticated encryption in CBC mode

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9 CVSS, 5.3 AI score, 0.0026 EPSS
Exploits: 0, References: 5
Friends Of PHP
added 2017/04/26 1:24 p.m., 14 views

Unauthenticated encryption in CBC mode

More info at https://simplesamlphp.org/security/201704-01...

5.9 CVSS, 7.2 AI score, 0.0026 EPSS
Exploits: 0, Affected Software: 1