25410 matches found

Positive Technologies
added 2025/12/17 12:0 a.m. | 4 views

PT-2025-51880

Name of the Vulnerable Software and Affected Versions: Amazon S3 Encryption Client for .NET versions prior to 3.2.0. Description: A flaw exists in the Amazon S3 Encryption Client for .NET where a missing cryptographic key commitment could allow a user with write access to an S3 bucket to introduce a...

CVSS 6 | AI score 6.2 | EPSS 0.00012
Exploits 0 | References 6
CVE
added 2025/12/17 12:0 a.m. | 9 views

CVE-2025-67168

RiteCMS v3.1.0 is affected by CVE-2025-67168 due to insecure password storage via weak encryption. Multiple sources (NVD, Red Hat, EUVD, CNVD, OSV, CNVD) describe the issue consistently; root cause is insecure password encryption, with impact limited to confidentiality (C: Low) and no integrity/a...

CVSS 5.3 | AI score 6.8 | EPSS 0.00019
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2025/12/17 12:0 a.m. | 3 views

python-jose security vulnerability

python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose version 3.3.0, which stems from an attacker being able to construct malicious JSON Web Encryption tokens with extremely high compression rates, potentially...

CVSS 5.3 | AI score 6.3 | EPSS 0.00158
Exploits 1 | References 1
CNNVD
added 2025/12/17 12:0 a.m. | 1 views

Amazon S3 Encryption Client security vulnerability

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key commitment, which could allow a user with write access to an S3 storage bucket to introduce a...

CVSS 6 | AI score 6.4 | EPSS 0.00012
Exploits 0 | References 3
Cvelist
added 2025/12/17 12:0 a.m. | 24 views

CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

EPSS 0.00021
Exploits 1 | References 1
Vulnrichment
added 2025/12/17 12:0 a.m. | 2 views

CVE-2025-67168

RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords...

AI score 6.8 | EPSS 0.00019
Exploits 1 | References 3
CNNVD
added 2025/12/17 12:0 a.m. | 3 views

AWS SDK for Ruby security vulnerability

AWS SDK for Ruby is an open source developer toolkit for Ruby from Amazon Web Services. A security vulnerability exists in AWS SDK for Ruby that stems from a lack of cryptographic key commitment, which could allow a user with write access to an S3 storage bucket to introduce a new EDK that decrypts...

CVSS 6 | AI score 6.4 | EPSS 0.00008
Exploits 0 | References 3
CNNVD
added 2025/12/17 12:0 a.m. | 3 views

Amazon AWS SDK for PHP security vulnerability

Amazon AWS SDK for PHP is a software development kit for Amazon Web Services based on the PHP platform from Amazon.com, USA. A security vulnerability exists in Amazon AWS SDK for PHP that stems from a lack of cryptographic key commitment, which could cause a user with write access to the S3 stora...

CVSS 6 | AI score 6.5 | EPSS 0.00017
Exploits 0 | References 4
CNNVD
added 2025/12/17 12:0 a.m. | 3 views

Amazon S3 Encryption Client security vulnerability

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key commitment, which could allow a user with write access to an S3 storage bucket to introduce a...

CVSS 6 | AI score 6.4 | EPSS 0.00012
Exploits 0 | References 4
Cvelist
added 2025/12/17 12:0 a.m. | 18 views

CVE-2025-67168

RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords...

EPSS 0.00019
Exploits 1 | References 3
Positive Technologies
added 2025/12/17 12:0 a.m. | 4 views

PT-2025-51881

Name of the Vulnerable Software and Affected Versions: AWS SDK for C++ versions prior to 1.11.712. Description: A missing cryptographic key commitment in the AWS SDK for C++ could allow a user with write access to an S3 bucket to introduce a new encryption data key (EDK) that decrypts to different...

CVSS 6 | AI score 6.3 | EPSS 0.00015
Exploits 0 | References 5
Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51885

Name of the Vulnerable Software and Affected Versions: Amazon S3 Encryption Client for Go versions prior to 4.0. Description: A missing cryptographic key commitment in the Amazon S3 Encryption Client for Go could allow a user with write access to an S3 bucket to introduce a new EDK Encrypted Data Ke...

CVSS 6 | AI score 6.3 | EPSS 0.00012
Exploits 0 | References 6
CNNVD
added 2025/12/17 12:0 a.m. | 1 views

RiteCMS security vulnerability

RiteCMS is an open source content management system based on PHP and SQLite. An unspecified vulnerability exists in RiteCMS that stems from the use of insecure encryption to store passwords. No vulnerability details are provided at this time...

CVSS 5.3 | AI score 5.8 | EPSS 0.00019
Exploits 1 | References 4
CNNVD
added 2025/12/17 12:0 a.m. | 2 views

Amazon S3 Encryption Client for .NET security vulnerability

Amazon S3 Encryption Client for .NET is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client for .NET that stems from a lack of encryption key commitment, which could allow a user with write access to an S3 storage buck...

CVSS 6 | AI score 6.5 | EPSS 0.00012
Exploits 0 | References 4
Positive Technologies
added 2025/12/17 12:0 a.m. | 2 views

PT-2025-51884

Name of the Vulnerable Software and Affected Versions: Amazon S3 Encryption Client for Java versions prior to 4.0.0. Description: A missing cryptographic key commitment in the Amazon S3 Encryption Client for Java could allow a user with write access to an S3 bucket to introduce a new Encryption Data...

CVSS 6 | AI score 6.3 | EPSS 0.00012
Exploits 0 | References 5
Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51863

RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords...

CVSS 5.3 | AI score 7.2 | EPSS 0.00019
Exploits 1 | References 4
IBM Security Bulletins
added 2025/12/16 11:7 a.m. | 4 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data

Summary: Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data version 5.2.2. Vulnerability Details: CVEID: CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim o...

CVSS 8.2 | AI score 6.7 | EPSS 0.07815
Exploits 0 | Affected Software 1
Redos
added 2025/12/16 12:0 a.m. | 2 views

ROS-20251216-7366

A vulnerability in the App-Bound Encryption component of Google Chrome and Microsoft Edge browsers is related to flaws in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential informati...

CVSS 5.5 | AI score 6.5 | EPSS 0.00003
Exploits 1
RedhatCVE
added 2025/12/15 1:25 p.m. | 2 views

CVE-2025-36751

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between the inverter and its cloud endpoint...

CVSS 9.4 | AI score 6.8 | EPSS 0.00009
Exploits 0 | References 1
Tenable Nessus
added 2025/12/15 12:0 a.m. | 3 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2025:03439-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03439-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Tenable has...

CVSS 7.5 | AI score 6.5 | EPSS 0.00041
Exploits 0 | References 4