PT-2026-29124

Name of the Vulnerable Software and Affected Versions Botan versions 2.3.0 through 3.10.9 Description Botan is a C++ cryptography library. During SM2 decryption, the code that checks the authentication code value C3 does not verify the encoded value's length before comparison. This can lead to a...

NewStart CGSL MAIN 7.02 : tongsuo Vulnerability (NS-SA-2026-0039)

The remote NewStart CGSL host, running version MAIN 7.02, has tongsuo packages installed that are affected by a vulnerability: - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This...

NewStart CGSL MAIN 7.02 : openssl Vulnerability (NS-SA-2026-0038)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by a vulnerability: - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This...

CVE-2021-27328

Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...

PT-2026-36450

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the authencesn component of the crypto subsystem during out-of-place decryption where source and destination are different. The system unnecessarily saves high-order...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : CryptX vulnerabilities (USN-8128-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8128-1 advisory. It was discovered that CryptX did not verify authentication tags while performing GCM and ChaCha20-Poly1305 decryptio...

OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement

Summary Nostr inbound DM handling could perform crypto and dispatch work before sender and pairing policy enforcement, enabling unauthorized pre-auth computation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

GHSA-65H8-27JH-Q8WV OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement

Summary Nostr inbound DM handling could perform crypto and dispatch work before sender and pairing policy enforcement, enabling unauthorized pre-auth computation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

Inadequate Encryption Strength

github.com/cloudflare/gokey is vulnerable to Inadequate Encryption Strength. The vulnerability is due to flawed seed decryption logic that uses only limited entropy from the initialization vector and authentication tag, which allows an attacker with access to the seed file to derive generated...

CVE-2025-64647

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-64647 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-64647

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

SUSE CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

PT-2026-28118

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

Missing Cryptographic Key Commitment

github.com/aws/amazon-s3-encryption-client-go is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3 bucket to introduc...

EUVD-2025-208943

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...

CVE-2026-33512

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...

CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...