Lucene search
K

1653 matches found

Nuclei
Nuclei
added yesterday26 views

DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...

7.5CVSS7.3AI score0.74048EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday24 views

DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.1 use a weak encryption algorithm to protect input parameters. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code execution. id: CVE-2018-15811 info: name: DotNetNuke...

7.5CVSS7.3AI score0.74048EPSS
Exploits4References4
NVD
NVD
added yesterday4 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS0.00063EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-14868

The issue involves PcVue projects where the encryption protecting user account configurations in the built‑in user directory is too weak for prior versions (

8.4CVSS5.9AI score0.00063EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS5.9AI score0.00063EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-14868 Weak encryption mechanism for User directory

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS0.00063EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:11 p.m.23 views

CVE-2026-7874

CVE-2026-7874 affects IBM Langflow OSS 1.0.0–1.10.0. The root cause is a weak and reversible key derivation mechanism used for at-rest encryption, which could allow an attacker to disclose all stored credentials (API keys, database passwords, OAuth tokens) if the encryption keys are compromised o...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/05 11:16 a.m.11 views

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS0.00073EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.14 views

PT-2026-46913

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-46052

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses the EVP BytesToKey key derivation function with MD5 and a single iteration for AES encryption. MD5 is a cryptographic hash function that is no longer secure, and the use of a...

5.8AI score0.00163EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 a.m.14 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:38 a.m.15 views

EUVD-2026-32049

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:38 a.m.25 views

CVE-2026-49000

Technical details (affected products, components, versions, exploit info) are not publicly available in the provided documents. Monitor for updates from NVD, the CVE List, and vendors.

7CVSS5.9AI score0.00121EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 3:38 a.m.13 views

CVE-2026-49000 Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:38 a.m.10 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

7CVSS5.9AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43492

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

5.3CVSS5.9AI score0.00121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has security vulnerabilities, which stem from unsafe password schemes. These include improper selection of encryption algorithms, inadequate key management, or defects in code...

7CVSS5.9AI score0.00121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/10 8:20 p.m.13 views

CVE-2026-7807

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

8.8CVSS5.9AI score0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 7:54 p.m.17 views

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

8.7CVSS5.9AI score0.00296EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39193

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9560 Description An issue in the '/api/v1/report/summary/type' API endpoint allows authenticated users to perform local file inclusion, enabling the reading of arbitrary .json files on the system. Thi...

8.8CVSS5.9AI score0.00296EPSS
Exploits0References6
Rows per page
Query Builder