Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the AesCbcHmacSha2Decryptor.doFinal function, which effectively skips authentication by comparing the computed authentication tag with itself rather than with the received tag, for A128CBC-HS256, A192CBC-HS384...

EUVD-2025-27027

Malicious code in bioql PyPI...

CVE-2025-10043

...

PT-2025-36326

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A path traversal flaw exists in Keycloak’s vault key handling on Windows. A previous fix for a related issue did not account for the Windows file separator , allowing a high-privilege...

EVE OS Encryption Problem Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from the use of an insecure SHA1 PCR algorithm to seal vault keys, resulting in a reduced complexity of unsealing the keys...

Jenkins 插件 信息泄露漏洞

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins HashiCorp Vault Plugin 3.8.0 and earlier versions are vulnerable to an information disclosure vulnerability that...

Extraneous SSH Public Keys added to Authorized Keys file on Linux VM

Extraneous SSH Public Keys added to Authorized Keys file on Linux VM Summary In addition to letting users provide their own SSH keypairs for authentication, the Microsoft Azure platform relies on SSH keypairs to enable some features that are added to the virtual machine VM at deployment time. We...