Lucene search
+L

13003 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.5AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41957

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.8CVSS6.4AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.12 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.5AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:18 a.m.8 views

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 10:18 a.m.31 views

CVE-2026-11347

The CVE-2026-11347 entry describes vulnerabilities in the linqi application: hardcoded cryptographic keys and a weak IV-generation mechanism for AES/CBC using a limited ASCII charset. This combination enables known-plaintext attacks and allows an attacker with local access to decrypt obfuscated s...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46913

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.13 views

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. It combines human language interaction with AI-based feedback. Linqi has a security vulnerability, which stems from hard-coded encryption keys and weak algorithms for generating initialization vectors. This allo...

8.5CVSS5.3AI score0.00073EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 9:16 a.m.11 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

7.5CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 7:22 a.m.8 views

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:22 a.m.10 views

EUVD-2026-34222

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:22 a.m.9 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS5.8AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 7:22 a.m.43 views

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 7:22 a.m.30 views

CVE-2026-50210

CVE-2026-50210 is linked to multiple sources describing a cryptographic weakness where data is encrypted with AES-CBC using static zero-filled IVs. This configuration can enable replay attacks and known-plaintext decryption. The description across NVD, CVE records, and related feeds consistently ...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/04 2:42 a.m.12 views

SUSE CVE-2022-46295

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7.1AI score0.00863EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46162

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device encrypts data using AES-CBC Advanced Encryption Standard in Cipher Block Chaining mode with static zero-filled Initialization Vectors IVs. This...

7.5CVSS5.4AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability arises from the use of static zero-padding initialization vectors when encrypting data using AES-CBC encryption. This can lead to replay...

7.5CVSS5.3AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:35 p.m.16 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1CVSS5.8AI score0.00297EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.25 views

PT-2026-45931

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

4.3CVSS5.8AI score0.00277EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.9 views

SUSE CVE-2026-46141

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: fix kmemleak caused by incorrect chipdata lookup The kmemleak reports the following memory leak: Unreferenced object 0xc0000002a7fbc640 size 64: comm "kworker/8:1", pid 540, jiffies 4294937872 hex dump first 32 byte...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 10:16 a.m.8 views

UBUNTU-CVE-2026-46141

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: fix kmemleak caused by incorrect chipdata lookup The kmemleak reports the following memory leak: Unreferenced object 0xc0000002a7fbc640 size 64: comm "kworker/8:1", pid 540, jiffies 4294937872 hex dump first 32 byte...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
Rows per page
Query Builder