25112 matches found
GHSA-69R9-QGR7-G2WJ Apache Tomcat Missing Encryption of Sensitive Data vulnerability
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
Apache Tomcat Missing Encryption of Sensitive Data vulnerability
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
UBUNTU-CVE-2026-5446
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...
CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
UBUNTU-CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
CVE-2026-34486
CVE-2026-34486 is a Tomcat Tribes EncryptInterceptor regression: when decryption fails, the code path previously moved super.messageReceived(msg) outside the try block, causing raw serialized bytes to bypass encryption and reach deserialization, enabling unauthenticated RCE via Java deserializati...
CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
Use of Hard-coded Cryptographic Key
Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the remember-me cookie encryption key and salt. An attacker can obtain full user credentials by stealing a cookie from a logged-in user if the default encryption key has not been changed. Remediati...
EUVD-2026-20936
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
CVE-2026-33266
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
CVE-2026-33266
CVE-2026-33266 : Apache OpenMeetings is affected by a hard-coded remember-me cookie encryption key in openmeetings.properties, not auto-rotated. If an admin does not change the default key, a cookie stolen from a logged-in user can expose full user credentials. Affected versions: 6.1.0 up to 9.0....
CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
12 Best Practices for Securing AWS Cloud in 2026
Key Takeaways Securing AWS cloud in 2026 depends on continuous, risk-based governance rather than isolated tools or one-time checks. Most cloud security incidents stem from customer-side issues such as identity misuse, misconfigurations, and exposed workloads. Effective security for AWS cloud...
CLEANSTART-2026-TN07413 Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web To...
Multiple security vulnerabilities affect the terragrunt-fips package. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. See references...
Apache Tomcat 安全漏洞
Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Versions 11.0.20, 10.1.53, and 9.0.116 of Apache Tomcat contain security vulnerabilities. These vulnerabilities stem from the la...
Apache OpenMeetings 安全漏洞
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system developed by the Apache Foundation in the United States. This product supports audio and video capabilities, and allows users to view the desktops of each participant. Prior to Apache OpenMeetings 9.0....
PT-2026-31813
Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl DecodePacket. The underflow wraps a 16-bit length to a large val...