Lucene search
K

210 matches found

Snyk
Snyk
added 2026/05/21 9:49 p.m.13 views

Insecure Randomness

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.3CVSS5.8AI score0.00229EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 9:49 p.m.6 views

GHSA-QV2Q-C278-PCH5 ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse

The PasskeyEncipherImage method is vulnerable to information disclosure via AES-CTR nonce reuse. ImageMagick has update the documentation on its website to make it more clear that this is happening: https://imagemagick.org/cipher/...

3.7CVSS5.8AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/14 9:16 p.m.13 views

CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 10:33 p.m.10 views

rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding

CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec,...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38626

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.10.0 through 0.10.78 Description Incorrect output buffer sizing occurs when using AES key-wrap-with-padding ciphers EVP aes 128,192,256 wrap pad. For inputs that are not a multiple of 8, OpenSSL may write up to 7 bytes...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/22 9:17 p.m.12 views

rust-openssl has incorrect bounds assertion in aes key wrap

Summary aes::unwrapkey has an incorrect bounds assertion on the out buffer size, which can lead to out-of-bounds write. Details aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the...

9.8CVSS6AI score0.00294EPSS
Exploits0References6Affected Software1
Filippo.io
Filippo.io
added 2026/04/20 3:21 p.m.9 views

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

The advancing threat of cryptographically-relevant quantum computers has made it urgent to replace currently-deployed asymmetric cryptography primitives—key exchange ECDH and digital signatures RSA, ECDSA, EdDSA—which are vulnerable to Shor’s quantum algorithm. It does not, however, impact existi...

6AI score
Exploits0
OSV
OSV
added 2026/04/14 1:10 p.m.7 views

JLSEC-2026-108 Deno's AES GCM authentication tags are not verified

Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...

8.7CVSS5.7AI score0.0024EPSS
Exploits1References7
EUVD
EUVD
added 2026/04/08 12:30 a.m.4 views

EUVD-2026-19958

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

6AI score0.00313EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/07 11:27 p.m.3 views

SUSE CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

9.1CVSS6AI score0.00313EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/07 11:9 p.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the AES-CFB-128 process on x86-64 systems with AVX-512 and VAES support when processing partial cipher blocks. An attacker can cause a crash and application termination by providing input buffers that end at a memo...

9.1CVSS6AI score0.00313EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 6:22 p.m.10 views

CVE-2026-39349

CVE-2026-39349 affects OrangeHRM Open Source versions 5.0 through 5.8, where certain sensitive fields were encrypted with AES in ECB mode, preserving block patterns and enabling potential pattern disclosure in stored data. The issue is fixed in 5.8.1. Details confirmed by the provided description...

2.7CVSS5.9AI score0.00112EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-30972

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS5.9AI score0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

OrangeHRM 加密问题漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained a security...

2.7CVSS5.8AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/28 12:31 a.m.4 views

EUVD-2019-20041

Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...

9CVSS5.8AI score0.0008EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.2 views

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/20 3:56 p.m.4 views

CVE-2026-32935

A flaw was found in phpseclib, a PHP secure communications library. When using Advanced Encryption Standard AES in Cipher Block Chaining CBC mode, a remote attacker can exploit a padding oracle timing attack. This vulnerability may allow the attacker to decrypt sensitive information by observing...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 3:16 a.m.2 views

UBUNTU-CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:48 a.m.10 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 2:48 a.m.5 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0
Rows per page
Query Builder