121 matches found

CNNVD
added 2026/05/20 12:0 a.m. | 3 views

WordPress plugin Account Switcher Authorization Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1

CNNVD
added 2026/05/14 12:0 a.m. | 4 views

Note Mark Cryptographic Issue Vulnerability

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.4 contained a security vulnerability related to encryption. This vulnerability stemmed from the JWTSECRET configuration value not having a mandatory minimum length or entropy,...

CVSS 10 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2

NVD
added 2026/04/27 11:16 p.m. | 2 views

CVE-2026-28747

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed...

CVSS 7.3 | EPSS 0.00017
Exploits: 0 | References: 3

CVE
added 2026/04/27 10:44 p.m. | 6 views

CVE-2026-28747

CVE-2026-28747 : A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed. Affected product is Milesight AIOT cameras; root cause is weak key generation in firmware. Impact is high on confidentiality, integrity, an...

CVSS 7.3 | AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/27 10:44 p.m. | 2 views

CVE-2026-28747

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed...

CVSS 7.3 | AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 4

EUVD
added 2026/04/27 10:44 p.m. | 3 views

EUVD-2026-25929

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed...

CVSS 7.3 | AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 3

Cvelist
added 2026/04/27 10:44 p.m. | 25 views

CVE-2026-28747 Milesight Cameras Authorization Bypass Through User-Controlled Key

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed...

CVSS 7.3 | EPSS 0.00017
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/27 10:44 p.m. | 0 views

CVE-2026-28747 Milesight Cameras Authorization Bypass Through User-Controlled Key

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed...

CVSS 7.3 | AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/27 12:0 a.m. | 3 views

PT-2026-35538

Name of the Vulnerable Software and Affected Versions: Milesight AIOT cameras, affected versions not specified. Description: A weak key generation issue allows authorization to be bypassed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 7.3 | AI score 5.2 | EPSS 0.00017
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/22 12:0 a.m. | 4 views

PT-2026-36652

Name of the Vulnerable Software and Affected Versions: Gitea, affected versions not specified. Description: The built-in SSH server uses default configurations that advertise weak or broken key exchange, MAC, and host key algorithms. Specifically, the server supports the ecdh-sha2-nistp256,...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 5

GithubExploit
added 2026/03/23 3:22 p.m. | 114 views

Exploit for CVE-2024-51346

CVE-2024-51346: Cryptographic Bypass and Media Decryption in E...

AI score 5.8 | EPSS 0.00017
Exploits: 1

Snyk
added 2026/03/20 8:49 p.m. | 2 views

Inadequate Encryption Strength

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of weak cryptographic key generation in the createKeys function. An attacker can gain unauthorized access to protecte...

CVSS 9.2 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/12 12:0 a.m. | 3 views

PT-2026-7886

Name of the Vulnerable Software and Affected Versions: Element Server Suite Community Edition ESS Community versions prior to 25.12.1. Description: The Element Server Suite Community Edition ESS Community Helm Chart contains a flaw in its secrets initialization hook, specifically within the...

CVSS 9.2 | AI score 5.4 | EPSS 0.0006
Exploits: 0 | References: 8

Vulnrichment
added 2026/01/29 6:5 p.m. | 2 views

CVE-2025-13399 Insecure Encryption in Communication with the Web Interface on TP-Link VX800v

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVSS 7.7 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/29 12:0 a.m. | 3 views

PT-2026-5319

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...

CVSS 7.7 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.151-1.b12.el7 (AXSA:2017-2339:07)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2339:07 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

CVSS 9.6 | AI score 6.8 | EPSS 0.06365
Exploits: 2 | References: 15

CNNVD
added 2026/01/13 12:0 a.m. | 1 views

Jervis Cryptographic Issue Vulnerability

Jervis is an automation tool from the individual developer Sam Gleske. A cryptographic issue vulnerability exists in versions prior to Jervis 2.2 that stems from the SHA-256 and derived salt values from a passphrase, resulting in the same key being generated for the same passphrase...

CVSS 8.7 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 9:1 a.m. | 0 views

CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

CVSS 7.8 | AI score 6.8 | EPSS 0.00027
Exploits: 0 | References: 1

Cvelist
added 2025/11/19 3:29 a.m. | 13 views

CVE-2025-12770 New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling

The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable...

CVSS 5.3 | EPSS 0.0004
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/05 12:0 a.m. | 1 views

PT-2025-45099

Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions through 6.15.9. Description: The Events Calendar plugin for WordPress has an information disclosure issue. The sysinfo REST endpoint performs a weak comparison between the provided key and the...

CVSS 5.3 | AI score 6 | EPSS 0.00073
Exploits: 0 | References: 5