CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

CVE-2026-32318

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...

On Implementing Hybrid Post-Quantum End-To-End Encryption

The emergence of quantum computing poses a fundamental threat to current public key cryptographic systems. This threat is necessitating a transition to quantum resistant cryptographic alternatives in all the applications. In this work, we present the implementation of a practical hybrid end-to-en...

EUVD-2025-203939

Amazon S3 Encryption Client for .NET has a Key Commitment Issue...

CVE-2025-14761

The CVE-2025-14761 issue affects the AWS SDK for PHP S3 Encryption Client. When the encrypted data key (EDK) is stored in an Instruction File rather than S3 metadata, a lack of key commitment can allow a rogue EDK to decrypt the same ciphertext to different plaintext. Affected behavior is describ...

EUVD-2025-203941

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

EUVD-2002-2281

Malware in sbrugna...

EUVD-2022-5169

Malicious code in bioql PyPI...

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

CVE-2025-46329

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

CVE-2025-46329 Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

CVE-2025-46329 Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

CVE-2025-46329

The CVE-2025-46329 issue affects libsnowflakeclient (Snowflake Connector for C/C++). Versions 0.5.0 through before 2.2.0 log locally the client-side encryption master key of the target stage when the logging level is DEBUG during GET/PUT operations. This could expose sensitive information in loca...

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted E2EE to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an...

Information Disclosure

net.snowflake, snowflake-jdbc is vulnerable to Information Disclosure. The vulnerability is due to improper logging practices due to the Driver logging the client-side encryption master key locally when the logging level is set to DEBUG during GET/PUT commands, allowing an attacker to retrieve th...

CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...

CVE-2025-27496

Summary: CVE-2025-27496 affects Snowflake JDBC Driver versions 3.0.13–3.23.0. When logging level is DEBUG, the driver locally logs the client-side encryption master key of the target stage during GET/PUT, exposing a sensitive key through logs. The issue is not logged server-side and does not by i...

CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...