24h | 7d | 30d

Overview

  • Pending

14 Mar 2022
Published
07 Oct 2024
Updated

CVSS
Pending
EPSS
0.52%

KEV

Description

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

Profile picture

요즘 스레드에 RSA-2048을 해독했다는 양반이 있어서 글을 처음부터 끝까지 정독했다.

그리고 코드 없이 개념적으로 가능한지 따져봄. 이 사람의 주장은 너무 중구난방이라 깔끔하게 한줄로 요약하면 이렇다.

"d = | q - p | 의 d(거리)가 0에 수렴할수록 RSA가 깨질 가능성이 높아진다."

그리고 이건 얼추 사실은 맞음.

거리가 가까워질수록 Fermat's Factorization를 이용한 공격이 가능해지고, 이와 관련된 공식 취약점 CVE (예: CVE-2022-26320)도 존재한다.

참고로 어려운게 아니라 고등과정 곱셈 공식 중 하나다.

RSA-2048에서는 사실상 불가능하고, RSA-256 수준에선 가능할 수 있다. (RSA-2048은 특정 조건 만족시 가능)

RSA-2048을 풀었다고 주장하시는 분이 올린 코드를 봤을 때, 그냥 q를 저장해놓고 n mod q 먹여서 0이 되는지 확인하고 p를 유도하는 것임.

그냥 답지가지고 장난치는거라 생각하면 된다.

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

Profile picture

🟠 CVE-2026-0840 - High (8.8)

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

Profile picture

🟠 CVE-2026-0841 - High (8.8)

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • libsodium
  • libsodium

31 Dec 2025
Published
07 Jan 2026
Updated

CVSS v3.1
MEDIUM (4.5)
EPSS
0.02%

KEV

Description

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

Profile picture
🚨 CVE-2025-69277 Alert: Critical flaw in libsodium crypto library (MAGEIA-2026-0004). Memory corruption issue affecting Mageia Linux. Patch to v1.0.20-2 immediately. Read more: 👉 tinyurl.com/y9ndyvea #Mageia #Security
  • 0
  • 0
  • 0
  • 20h ago
Profile picture
🚨 CVE-2025-69277: Critical libsodium validation flaw impacts #Fedora42. Affects Ed25519 sig verification. Data integrity & disclosure risk. Read more: 👉 tinyurl.com/3nypjx8s #Security
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • pdfminer
  • pdfminer.six

10 Nov 2025
Published
08 Jan 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.04%

KEV

Description

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Profile picture
URGENT: #Fedora 42 issues patch for critical CVE-2025-64512 in python-pdfminer. PDF parsing flaw allows arbitrary code execution. Read more: 👉 tinyurl.com/2z5amenv #Security
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Profile picture
🚨 CRITICAL: #Mageia 9 cURL security patches address 4 CVEs including OpenSSL bypass (CVE-2025-14819) and bearer token leaks. Read more: 👉 tinyurl.com/347psaa3 #Security
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture

🟠 CVE-2026-0839 - High (8.8)

A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • expr-lang
  • expr

16 Dec 2025
Published
16 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.07%

KEV

Description

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture
🚨 Security Advisory: openSUSE Tumbleweed has released a patch for CoreDNS (CVE-2025-68156). Rated MODERATE. Read more: 👉 tinyurl.com/3vmrajpr #Security #OpenSUSE
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • UTT
  • 进取 520W

11 Jan 2026
Published
11 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture

🟠 CVE-2026-0838 - High (8.8)

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • aio-libs
  • aiohttp

05 Jan 2026
Published
06 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.05%

KEV

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture
URGENT: #openSUSE Tumbleweed advisory patches 8 CVEs in python311-aiohttp (CVE-2025-69223 to 69230). Read more: 👉 tinyurl.com/4usce7hw #Security
  • 0
  • 0
  • 0
  • 5h ago
Showing 11 to 20 of 27 CVEs