CVE-2026-2092

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

CVE-2026-2092

Keycloak SAML broker endpoint vulnerability: encrypted SAML assertions are not properly validated when the overall SAML response is unsigned. An attacker with a valid signed SAML assertion can craft a malicious SAML response to inject an encrypted assertion for an arbitrary principal, leading to ...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML proxy endpoint failing to properly verify encrypted assertions. This vulnerability may lead to unauthorized access and information leakage...

PT-2026-25967

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak’s Security Assertion Markup Language SAML broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed...

WordPress WPvivid 0.9.123 Payload Generator / Scanner

This Python script is a proof of concept tool designed to generate a crafted payload targeting the WPvivid Backup Migration plugin mechanism in WordPress. The script encrypts a JSON object containing file data using AES-CBC with a null key and IV, formats it according to the plugin's expected...

Oracle Linux 10 : nginx (ELSA-2026-4705)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-4705 advisory. 2:1.26.3-2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 2:1.26.3-2 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle atta...

GHSA-WJ2J-QWCF-CFCC IncusOS has a LUKS encryption bypass due to insufficient TPM policy

The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...

CVE-2026-32600

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...

Embedded Malicious Code

Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

PT-2026-25544

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Manipulation of the mode argument can lead to operating system command injection. This attack can be...

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to missing validation of the AES-GCM authentication tag on encrypted XML nodes. An attacker can decrypt sensitive data and forge arbitrary ciphertexts by brute-forcing the authentication...

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

EUVD-2026-12094

xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption...

CVE-2026-32600 xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...

CVE-2026-32600 xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...

xml-security 安全漏洞

xml-security is an open-source library developed by SimpleSAMLphp. Versions prior to 2.3.1 and 1.13.9 of xml-security had security vulnerabilities. These vulnerabilities stemmed from the lack of authentication tag length validation for XML nodes encrypted using aes-128-gcm, aes-192-gcm, or...

EUVD-2019-19744

eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...

EUVD-2019-19738

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...

CVE-2019-25470

eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...