Lucene search
K

1127 matches found

Cvelist
Cvelist
added 2025/12/22 3:27 a.m.24 views

CVE-2025-15016 Ragic|Enterprise Cloud Database - Hard-coded Cryptographic Key

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...

9.8CVSS0.0045EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/22 3:27 a.m.4 views

EUVD-2025-204688

Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...

9.8CVSS6.4AI score0.0045EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/22 12:32 a.m.31 views

CVE-2025-15005 CouchCMS reCAPTCHA config.example.php hard-coded key

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

6.3CVSS0.00397EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/22 12:32 a.m.4 views

CVE-2025-15005 CouchCMS reCAPTCHA config.example.php hard-coded key

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of hard-coded cryptographic key . It is possibl...

6.3CVSS4.2AI score0.00397EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.7 views

PT-2025-52618

Name of the Vulnerable Software and Affected Versions CouchCMS versions up to 2.4 Description A security issue exists in CouchCMS related to the reCAPTCHA Handler component. The issue resides in an unknown function within the couch/config.example.php file. Manipulation of the arguments K RECAPTCH...

6.3CVSS6AI score0.00397EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2025/12/18 8:37 p.m.8 views

CVE-2025-14759

Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

6CVSS6.7AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/18 8:37 p.m.4 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS6.7AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 3:47 p.m.7 views

EUVD-2025-203944

Amazon S3 Encryption Client for Java has a Key Commitment Issue...

6CVSS6.4AI score0.00103EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/18 3:22 p.m.5 views

CVE-2025-14762

A flaw was found in the AWS SDK for Ruby, an open-source client-side encryption library. A user with write access to an S3 Simple Storage Service bucket can exploit a missing cryptographic key commitment. This allows the introduction of a new Encrypted Data Key EDK that decrypts to different...

6CVSS6.3AI score0.00185EPSS
Exploits0References6
NVD
NVD
added 2025/12/17 9:15 p.m.5 views

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6CVSS0.00094EPSS
Exploits0References3
NVD
NVD
added 2025/12/17 9:15 p.m.13 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS0.00185EPSS
Exploits0References3
OSV
OSV
added 2025/12/17 9:15 p.m.6 views

CVE-2025-14761

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS6.7AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 8:20 p.m.3 views

CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...

6CVSS6.4AI score0.00094EPSS
Exploits0References3
CVE
CVE
added 2025/12/17 8:18 p.m.11 views

CVE-2025-14763

CVE-2025-14763 concerns the Amazon S3 Encryption Client for Java lacking key commitment when the encrypted data key (EDK) is stored in an Instruction File. This could let a user with write access to an S3 bucket introduce a rogue EDK and decrypt to different plaintext. The vulnerability is tied t...

6CVSS6.4AI score0.00103EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 8:15 p.m.1 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS6.3AI score0.00185EPSS
Exploits0References3
CVE
CVE
added 2025/12/17 8:15 p.m.17 views

CVE-2025-14762

CVE-2025-14762 describes a missing cryptographic key commitment in the AWS SDK for Ruby that can allow a user with write access to an S3 bucket to introduce a new EDK and decrypt data to different plaintext when the encrypted data key is stored in an instruction file rather than in S3 metadata. T...

6CVSS6.3AI score0.00185EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 8:11 p.m.3 views

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

6CVSS6.4AI score0.00141EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 8:7 p.m.2 views

CVE-2025-14759

Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

6CVSS6.4AI score0.00094EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

Amazon AWS SDK for PHP 安全漏洞

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...

6CVSS6.5AI score0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51884

Name of the Vulnerable Software and Affected Versions Amazon S3 Encryption Client for Java versions prior to 4.0.0 Description A missing cryptographic key commitment in the Amazon S3 Encryption Client for Java could allow a user with write access to an S3 bucket to introduce a new Encryption Data...

6CVSS6.3AI score0.00103EPSS
Exploits0References5
Rows per page
Query Builder