CVE-2026-8878

Same vendor

• CVE-2026-8889 — Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist ... (7.5 HIGH)
• CVE-2026-8888 — Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular... (7.5 HIGH)
• CVE-2026-8881 — Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption (7.5 HIGH)
• CVE-2026-8879 — Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerCon... (7.5 HIGH)
• CVE-2026-8876 — Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js (7.3 HIGH)

Same CWE

• CVE-2026-41860 — CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM (8.8 HIGH)
• CVE-2026-45787 — electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client (9.1 CRITICAL)
• CVE-2026-5363 — Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation (8.8 HIGH)
• CVE-2024-28755 — An issue was discovered in Mbed TLS 3.5.x before 3.6.0 (6.5 MEDIUM)
• CVE-2020-7565 — A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attack... (7.3 HIGH)