PT-2026-30317

Name of the Vulnerable Software and Affected Versions Widgets for Social Photo Feed plugin for WordPress versions up to and including 1.7.9 Description The Widgets for Social Photo Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the feed data parameter keys due to...

Missing Cryptographic Key Commitment

aws-sdk-s3 is vulnerable to Missing Cryptographic Key Commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of S3 metadata, which allows an attacker with write access to the S3 bucket to introduce a malicious EDK that decrypts ...

Missing Cryptographic Key Commitment

aws/aws-sdk-php is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper handling of encrypted data keys when stored in instruction files instead of S3 metadata, which allows an attacker with write access to the S3 bucket to introduce a malicious EDK that decryp...

Missing Cryptographic Key Commitment

github.com/aws/amazon-s3-encryption-client-go is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3 bucket to introduc...

EUVD-2025-203939

Amazon S3 Encryption Client for .NET has a Key Commitment Issue...

Linux Distros Unpatched Vulnerability : CVE-2025-14761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to differen...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to cause decryption to unintended plaintext by...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach

Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info...

PT-2022-26043 · Unknown · Deep-Object-Diff

Name of the Vulnerable Software and Affected Versions: deep-object-diff versions 1.1.0 through 1.1.5 Description: The issue allows an external attacker to edit or add new properties to an object because the application does not properly validate incoming JSON keys, thus allowing the proto propert...

CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVE-2022-32998

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVE-2022-34053

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

GHSA-H45P-W933-JXH3 Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

GHSA-89V2-G37M-G3FF Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...