CVE-2026-34986

CVE-2026-34986 affects the Go JOSE library. Prior to versions 4.1.4 and 3.0.5, decrypting a JWE object can cause a panic when the alg field indicates a key-wrapping algorithm (any ending with KW, except A128GCMKW/A192GCMKW/A256GCMKW) and encrypted_key is empty. The panic occurs in cipher.KeyUnwra...

Go JOSE 安全漏洞

Go JOSE is an implementation of the JOSE standard in Go, open sourced under the Go JOSE project. Versions prior to Go JOSE 4.1.4 and 3.0.5 contained security vulnerabilities. These vulnerabilities occurred when decrypting JSON Web Encryption objects. If the alg field indicated the key wrapping...

GHSA-78H2-9FRX-2JM8 Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

Linux Distros Unpatched Vulnerability : CVE-2026-23414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once...

Stackfield Desktop App 安全漏洞

The Stackfield Desktop App is a project management tool developed by the German company Stackfield. Versions of the Stackfield Desktop App prior to 1.10.2 contained security vulnerabilities. These vulnerabilities stemmed from specific decryption functions that allowed path traversal when handling...

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

ROS-20260403-73-0018

A vulnerability in the tlsdodecryption function net/tls/tlssw.c of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an attacker acting remotely to increase his privileges...

CVE-2026-28373

CVE-2026-28373 affects Stackfield Desktop App for macOS and Windows prior to 1.10.2. The vulnerability is a path traversal in decryption processing of the filePath property, enabling a malicious export to write arbitrary content to any location on the victim’s filesystem. Impact is high (arbitrar...

CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tlsdecryptasyncwait returns, every AEAD operation has completed and the engin...

CVE-2026-29143 S/MIME Decryption Impersonation

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

CVE-2026-29138 PGP Decryption Sender LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...

CVE-2026-29131

SEPPmail Secure Email Gateway is affected for versions before 15.0.3. CVE-2026-29131 describes an issue where an attacker, by sending a specially crafted email address, can read the contents of emails encrypted for other users. This vulnerability impacts confidentiality. The available documents d...

CVE-2025-66442

A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability is a compiler-induced timing side channel that occurs when the LLVM compiler's select-optimize feature is enabled. A remote attacker could potentially exploit this timing difference during RSA and CBC/ECB decryption operations to...

EUVD-2025-209172

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

EUVD-2025-209171

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

CVE-2025-13916

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-13916 Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-13916

IBM Aspera Shares is affected by CVE-2025-13916, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The IBM security bulletin for version 1.11.1 notes this vulnerability (CVE-2025-13916) and lists the affected product as IBM Aspera...