CVE-2026-33361

Affected software: Meari IoT SDK image handling (libmrplayer.so) as used in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (≤ 1.8.x). Vulnerability detail: baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key der...

CVE-2026-33361 Meari weak XOR obfuscation

In Meari IoT SDK image handling libmrplayer.so as observed in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label apps = 1.8.x, baby monitor ".jpgx3" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model...

CVE-2026-39411 LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR ke...

Multi‑Layer Encrypted Python Payload Loader AES‑GCM + XOR + Zlib

This Python script acts as a loader that decrypts and executes a protected Python payload using multiple cryptographic and obfuscation layers. The program first requests a password from the user and derives a 256‑bit encryption key using PBKDF2 with a fixed salt salt123. The encrypted payload is...

CVE-2022-3217

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials...

CVE-2022-3217

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials...

CVE-2021-27141

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7aLyZ98sSd5HfSgGjMj8;Ss;d&^@$a2s0i3g key. The webs binary has details on how XOR is used...

[Azazel] Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit based off of the original LDPRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hid...