10 matches found

NVD
added 5 days ago · 5 views

CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

CVSS 9.1 · EPSS 0.00164
Exploits: 0 · References: 1
EUVD
added 5 days ago · 6 views

EUVD-2026-40380

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

CVSS 9.1 · AI score 5.8 · EPSS 0.00164
Exploits: 0 · References: 1
Cvelist
added 5 days ago · 35 views

CVE-2026-7874 Weak Cryptographic Key Derivation Exposed All Stored Credentials

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

CVSS 9.1 · EPSS 0.00164
Exploits: 0 · References: 1
Positive Technologies
added 5 days ago · 7 views

PT-2026-53950

Name of the Vulnerable Software and Affected Versions: IBM Langflow OSS versions 1.0.0 through 1.10.0 Description: Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations: At the moment, there ...

CVSS 9.1 · AI score 5.9 · EPSS 0.00164
Exploits: 0 · References: 5
IBM Security Bulletins
added 6 days ago · 4 views

Security Bulletin: Weak Cryptographic Key Derivation Exposed All Stored Credentials

Summary: A critical vulnerability in the credential encryption system allowed attackers to decrypt all stored API keys, database passwords, and OAuth tokens. The system used Python's non-cryptographic Mersenne Twister PRNG seeded with the SECRETKEY to derive Fernet encryption keys for credentials...

CVSS 9.1 · AI score 5.8 · EPSS 0.00164
Exploits: 0 · Affected Software: 1
GithubExploit
added 2026/03/23 3:22 p.m. · 149 views

Exploit for CVE-2024-51346

CVE-2024-51346: Cryptographic Bypass and Media Decryption in E...

AI score 5.8 · EPSS 0.00123
Exploits: 1
CNNVD
added 2026/01/13 12:0 a.m. · 4 views

Jervis cryptographic issue vulnerability

Jervis is an automation tool from the individual developer Sam Gleske. A cryptographic issue vulnerability exists in versions prior to Jervis 2.2 that stems from the SHA-256 and derived salt values from a passphrase, resulting in the same key being generated for the same passphrase...

CVSS 8.7 · AI score 5.8 · EPSS 0.00116
Exploits: 0 · References: 3
Positive Technologies
added 2023/10/24 12:0 a.m. · 4 views

PT-2023-29866 · Cryptoes · Cryptoes

Name of the Vulnerable Software and Affected Versions: CryptoES versions prior to 2.1.0 Description: The CryptoES PBKDF2 is weaker than originally specified and current industry standards due to defaulting to SHA1 and a single iteration. This weakness can lead to high-impact issues if used for...

CVSS 9.1 · AI score 9.3 · EPSS 0.00446
Exploits: 1 · References: 8
Snyk
added 2020/01/22 8:33 a.m. · 1 views

Insecure Encryption

Overview: parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key materia...

CVSS 7 · AI score 7.1
Exploits: 0 · References: 4
Snyk
added 2020/01/22 8:33 a.m. · 2 views

Insecure Encryption

Overview: parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key material of the correct...

CVSS 7 · AI score 7
Exploits: 0 · References: 4