
65 matches found

CVE
added 2026/04/07 6:13 p.m. · 35 views

CVE-2026-39324

CVE-2026-39324 affects Rack::Session::Cookie. From 2.0.0 up to 2.1.1, decryption failures under secrets: allow cookies to be decoded by a default coder instead of being rejected, enabling an unauthenticated attacker to forge session data and potentially gain unauthorized access. Affected componen...

CVSS 9.8 · AI score 5.9 · EPSS 0.0027
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2026/04/07 6:13 p.m. · 3 views

CVE-2026-39324 Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

CVSS 9.3 · AI score 5.9 · EPSS 0.0027
Exploits: 1 · References: 1

RedHat Linux
added 2026/01/12 1:52 p.m. · 5 views

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tls_decrypt_sg in net/tls/tls_sw.c in the networking subsystem of the Linux kernel. In this flaw, if cloning the input skb to hold the reference to the memory it uses fails, this may lead to a use-after-free...

AI score 5.7 · EPSS 0.00162
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2013-1766

Malware in sbrugna...

CVSS 5 · AI score 7.3 · EPSS 0.03406
Exploits: 0 · References: 31

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-19758

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-2411

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.5 · EPSS 0.00262
Exploits: 1 · References: 10

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-59117

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.2 · EPSS 0.01421
Exploits: 0 · References: 10

NVD
added 2025/07/02 8:15 p.m. · 7 views

CVE-2025-34091

Rejected reason: Neither filed by Chrome nor a valid security vulnerability...

Exploits: 0

RedhatCVE
added 2025/05/23 7:45 a.m. · 4 views

CVE-2024-28864

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps versions 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...

CVSS 2.6 · AI score 6.8 · EPSS 0.00328
Exploits: 0 · References: 1

OSV
added 2025/03/03 8:22 p.m. · 13 views

GHSA-R38M-44FW-H886 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary: In decrypt_in_place_detached, the decrypted ciphertext, which is the correct ciphertext, is exposed even if the tag is incorrect.
Details: This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cau...

CVSS 5.6 · AI score 6.4 · EPSS 0.00117
Exploits: 0 · References: 4

CVE
added 2024/05/30 3:29 p.m. · 144 views

CVE-2024-36913

Technical details about CVE-2024-36913 are not publicly provided in the supplied documents. Monitor for updates from vendors (Linux kernel, Debian, Amazon Linux, MSRC) for affected versions, impact, and fixes.

CVSS 8.1 · AI score 8.7 · EPSS 0.00915
Exploits: 0 · References: 5 · Affected Software: 2

Veracode
added 2024/05/17 4:20 a.m. · 7 views

Decryption Failure

illuminate/encryption is vulnerable to a Decryption Failure. The vulnerability is due to improper handling of encrypted payloads in the Laravel Encrypter component, allowing attackers to craft an encrypted payload, which upon decryption returns false, possibly resulting in unintended behavior in ...

AI score 7.1
Exploits: 0

Positive Technologies
added 2024/05/15 12:0 a.m. · 3 views

PT-2024-40153 · Laravel · Laravel Encrypter

Name of the Vulnerable Software and Affected Versions: Laravel Encrypter (affected versions not specified)
Description: The issue affects the Laravel Encrypter component, potentially causing decryption failure and returning false. An attacker can exploit this by manipulating the encrypted payload...

AI score 7.7
Exploits: 0 · References: 6

Positive Technologies
added 2024/05/15 12:0 a.m. · 6 views

PT-2024-40136 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel (affected versions not specified)
Description: The issue concerns a potential exploit of the Laravel Encrypter component. This exploit may cause the Encrypter to fail during decryption and unexpectedly return false. To exploit this, an...

AI score 6.7
Exploits: 0 · References: 6

Veracode
added 2024/03/20 6:48 a.m. · 15 views

Decryption Failure

ilicmiljan/secure-props is vulnerable to Decryption Failure. The vulnerability is due to a regex which fails to detect tags during the decryption of encrypted data that is encoded with the NullEncoder and contains special characters such as \n. When this encrypted data is passed to the TagAwareCipher, the...

CVSS 2.6 · AI score 7 · EPSS 0.00328
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/01/12 11:6 a.m. · 3 views

OESA-2024-1042 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 5.3 · AI score 7.1 · EPSS 0.01421
Exploits: 0 · References: 2

OSV
added 2023/12/19 12:15 a.m. · 2 views

DEBIAN-CVE-2023-6918

A flaw was found in libssh's abstraction layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of the...

CVSS 5.3 · AI score 6.6 · EPSS 0.01421
Exploits: 0 · References: 1

Cvelist
added 2023/12/18 11:27 p.m. · 26 views

CVE-2023-6918 Libssh: missing checks for return values for digests

A flaw was found in libssh's abstraction layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of the...

CVSS 3.7 · AI score 6 · EPSS 0.01421
Exploits: 0 · References: 6

SUSE CVE
added 2023/09/26 1:50 a.m. · 3 views

SUSE CVE-2023-42811

aes-gcm is a pure Rust implementation of AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES-GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...

CVSS 5.5 · AI score 7.2 · EPSS 0.00262
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:40 a.m. · 1 views

SUSE CVE-2013-1739

Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure...

CVSS 5 · AI score 9.4 · EPSS 0.03406
Exploits: 0 · References: 5