Lucene search
+L

121 matches found

Cvelist
Cvelist
added 2026/03/13 7:58 p.m.33 views

CVE-2026-32600 xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...

8.2CVSS0.00148EPSS
Exploits1References3
OSV
OSV
added 2026/03/13 7:58 p.m.8 views

CVE-2026-32600 xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...

8.2CVSS6AI score0.00148EPSS
Exploits1References5
CVE
CVE
added 2026/03/13 7:58 p.m.32 views

CVE-2026-32600

XML-Security library (xml-security) is affected in versions prior to 2.3.1 and 1.13.9 where AES-GCM encrypted XML nodes do not validate the authentication tag length. This can allow an attacker to brute-force the authentication tag, recover the GHASH key, decrypt encrypted nodes, and forge cipher...

8.2CVSS5.9AI score0.00148EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/13 7:50 p.m.3 views

CVE-2026-32313 xmlseclibs is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

8.2CVSS5.9AI score0.00152EPSS
Exploits1References3
CVE
CVE
added 2026/03/13 7:50 p.m.22 views

CVE-2026-32313

CVE-2026-32313 affects the PHP library xmlseclibs (XML Encryption/Signatures). Prior to version 3.1.5, nodes encrypted with AES-128/192/256-GCM lack validation of the authentication tag length, enabling an attacker to brute-force the tag, recover the GHASH key, and decrypt encrypted nodes. The vu...

8.2CVSS5.9AI score0.00152EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/13 7:50 p.m.2 views

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

8.2CVSS5.9AI score0.00152EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.10 views

xml-security 安全漏洞

xml-security is an open-source library developed by SimpleSAMLphp. Versions prior to 2.3.1 and 1.13.9 of xml-security had security vulnerabilities. These vulnerabilities stemmed from the lack of authentication tag length validation for XML nodes encrypted using aes-128-gcm, aes-192-gcm, or...

8.2CVSS5.9AI score0.00148EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/19 8:0 p.m.3 views

CVE-2026-2738

Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet...

6.8CVSS5.6AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 4:1 p.m.9 views

CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS6.2AI score0.00115EPSS
Exploits1References9
OSV
OSV
added 2026/01/12 3:12 a.m.4 views

MAL-2026-230 Malicious code in passport-google-auth-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50e78391289ff7e26ec937eb7519688992d2497e503ba4ca396d2c2a23b71235 The package passport-google-auth-token was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29958

Malicious code in bioql PyPI...

3.7CVSS5AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-41362

Malicious code in bioql PyPI...

8.6CVSS7.8AI score0.0071EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nov json-jwt version = 0.5.0 && = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM...

5.3CVSS5.6AI score0.00777EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-37464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from...

8.6CVSS7.1AI score0.0071EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2025/08/12 3:22 p.m.99 views

Exploit for CVE-2025-54887

PoCCVE-2025-54887 This repository contains Proof-of-Concept...

9.1CVSS6.7AI score0.00244EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/08/08 11:22 p.m.5 views

SUSE CVE-2025-54887

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...

9.1CVSS7.1AI score0.00244EPSS
Exploits1References3
OSV
OSV
added 2025/08/08 12:6 a.m.20 views

CVE-2025-54887 jwe: Missing AES-GCM authentication tag validation in encrypted JWEs

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...

9.1CVSS6.8AI score0.00244EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/08 12:6 a.m.14 views

CVE-2025-54887 jwe: Missing AES-GCM authentication tag validation in encrypted JWEs

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...

9.1CVSS0.00244EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.8 views

JWE 安全漏洞

JWE is a Ruby-based JSON Web encryption library from JSON Web Token open source. A security vulnerability exists in JWE 1.1.0 and earlier versions, which stems from the fact that the authentication tag that encrypts JWE can be brute-force broken, potentially resulting in a loss of confidentiality...

9.1CVSS6.7AI score0.00244EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/08/07 8:55 p.m.11 views

JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

9.1CVSS6.8AI score0.00244EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder