bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...

CVE-2026-27898 Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipherid and call "PUT /api/ciphers/id/partial" Even though the standard retrieval API correctly denies access...

PT-2021-4543 · Unknown +4 · Imagemagick +4

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.11 Description: A flaw was found in the TransformSignature function of ImageMagick, which could lead to a potential cipher leak when calculating signatures. This issue is related to the disclosure of...