Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-fail CVE-2026-31431 Copy Fail – a C language PoC,...

Debian dla-4518 : php-seclib - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4518 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected]...

[SECURITY] [DSA 6187-1] php-phpseclib3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6187-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

[SECURITY] [DSA 6186-1] php-phpseclib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6186-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

[SECURITY] [DSA 6185-1] phpseclib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

Debian dsa-6186 : php-phpseclib - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6186 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6186-1 [email protected]...

Debian dsa-6185 : php-seclib - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6185 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 [email protected]...

Debian dsa-6187 : php-phpseclib3 - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6187 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6187-1 [email protected]...

CVE-2019-25651 Ubiquiti UniFi Devices Use of AES-CBC Allows Key Recovery and Unauthorized Device Control

Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...

Timing Attack

Overview phpseclib/phpseclib is a PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. Affected versions of this package are vulnerable to Timing Attack via the AES algorithm in CBC mode. An attacker can recover sensitive information by exploiting timin...

UBUNTU-CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

phpseclib 安全漏洞

phpseclib is an open-source PHP security communication library developed by phpseclib. Versions of phpseclib starting from 1.0.26, 2.0.0 to 2.0.51, and 3.0.0 to 3.0.49 contain security vulnerabilities. These vulnerabilities stem from a timing attack that occurs when using the AES CBC mode...

phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

GHSA-94G3-G5V7-Q4JG phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

PT-2026-26464

Name of the Vulnerable Software and Affected Versions phpseclib versions 1.0.26 and below phpseclib versions 2.0.0 through 2.0.51 phpseclib versions 3.0.0 through 3.0.49 Description phpseclib is a PHP secure communications library. Projects utilizing the affected versions are susceptible to a...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DecryptBytes function. An attacker can cause the process or goroutine to crash by sending a crafted AES-CBC encrypted assertion with a plaintext of all zero bytes, which triggers a panic due to...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DecryptBytes function. An attacker can cause the process or goroutine to crash by sending a crafted AES-CBC encrypted assertion with a plaintext of all zero bytes, which triggers a panic due to...

CVE-2025-68931

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

CVE-2025-68931 Jervis has AES CBC Mode Without Authentication

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...