Lucene search
K

131 matches found

NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:11 p.m.7 views

EUVD-2026-40380

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:11 p.m.44 views

CVE-2026-7874 Weak Cryptographic Key Derivation Exposed All Stored Credentials

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS0.00164EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:11 p.m.6 views

CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53950

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations At the moment, there ...

9.1CVSS5.9AI score0.00164EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 8:14 p.m.4 views

Security Bulletin: Weak Cryptographic Key Derivation Exposed All Stored Credentials

Summary A critical vulnerability in the credential encryption system allowed attackers to decrypt all stored API keys, database passwords, and OAuth tokens. The system used Python's non-cryptographic Mersenne Twister PRNG seeded with the SECRETKEY to derive Fernet encryption keys for credentials...

9.1CVSS5.8AI score0.00164EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-28747

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...

7.3CVSS5.4AI score0.00177EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

WordPress plugin Account Switcher 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00385EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Note Mark 加密问题漏洞

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.4 contained a security vulnerability related to encryption. This vulnerability stemmed from the JWTSECRET configuration value not having a mandatory minimum length or entropy,...

10CVSS5.8AI score0.00124EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 11:16 p.m.10 views

CVE-2026-28747

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...

7.3CVSS0.00177EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/27 10:44 p.m.29 views

CVE-2026-28747 Milesight Cameras Authorization Bypass Through User-Controlled Key

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...

7.3CVSS0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/27 10:44 p.m.5 views

CVE-2026-28747

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...

7.3CVSS5.2AI score0.00177EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 10:44 p.m.6 views

CVE-2026-28747 Milesight Cameras Authorization Bypass Through User-Controlled Key

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...

7.3CVSS5.2AI score0.00177EPSS
Exploits0References3
CVE
CVE
added 2026/04/27 10:44 p.m.12 views

CVE-2026-28747

CVE-2026-28747 : A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed. Affected product is Milesight AIOT cameras; root cause is weak key generation in firmware. Impact is high on confidentiality, integrity, an...

7.3CVSS5.2AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/27 10:44 p.m.8 views

EUVD-2026-25929

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...

7.3CVSS5.2AI score0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.7 views

PT-2026-35538

Name of the Vulnerable Software and Affected Versions Milesight AIOT cameras affected versions not specified Description A weak key generation issue allows authorization to be bypassed. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

7.3CVSS5.4AI score0.00177EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.22 views

PT-2026-36652

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The built-in SSH server uses default configurations that advertise weak or broken key exchange, MAC, and host key algorithms. Specifically, the server supports the ecdh-sha2-nistp256,...

6.3CVSS5.8AI score
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/23 3:22 p.m.154 views

Exploit for CVE-2024-51346

CVE-2024-51346: Cryptographic Bypass and Media Decryption in E...

5.8AI score0.00123EPSS
Exploits1
Snyk
Snyk
added 2026/03/20 8:49 p.m.3 views

Inadequate Encryption Strength

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of weak cryptographic key generation in the createKeys function. An attacker can gain unauthorized access to protecte...

9.2CVSS5.8AI score0.00251EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.6 views

PT-2026-7886

Name of the Vulnerable Software and Affected Versions Element Server Suite Community Edition ESS Community versions prior to 25.12.1 Description The Element Server Suite Community Edition ESS Community Helm Chart contains a flaw in its secrets initialization hook, specifically within the...

9.2CVSS5.4AI score0.00278EPSS
Exploits0References8
Rows per page
Query Builder