Lucene search
K

119 matches found

Debian CVE
Debian CVE
added 2026/04/06 4:22 p.m.5 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS6.2AI score0.00651EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/06 4:22 p.m.5 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS7.1AI score0.00651EPSS
Exploits0
Snyk
Snyk
added 2026/04/03 3:28 a.m.6 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00651EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00651EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 3:28 a.m.2 views

GHSA-78H2-9FRX-2JM8 Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

7.5CVSS6AI score0.00651EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/03 3:28 a.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00651EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00651EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:28 a.m.1 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00651EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:28 a.m.15 views

Go JOSE Panics in JWE decryption

Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...

7.5CVSS6AI score0.00651EPSS
Exploits0References4Affected Software3
Snyk
Snyk
added 2026/04/03 3:28 a.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...

8.7CVSS5.9AI score0.00651EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.8 views

PT-2026-30011

Name of the Vulnerable Software and Affected Versions Go JOSE versions prior to 4.1.4 and versions prior to 3.0.5 Description Go JOSE, an implementation of the Javascript Object Signing and Encryption standards in Go, is susceptible to a denial of service. When decrypting a JSON Web Encryption JW...

9.8CVSS6.3AI score0.00651EPSS
Exploits0
OSV
OSV
added 2026/03/16 4:26 p.m.5 views

GHSA-WJ2J-QWCF-CFCC IncusOS has a LUKS encryption bypass due to insufficient TPM policy

The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...

7.6CVSS5.8AI score0.0014EPSS
Exploits0References7
CVE
CVE
added 2025/12/17 8:7 p.m.10 views

CVE-2025-14759

The CVE-2025-14759 issue affects the Amazon S3 Encryption Client for .NET. When the encrypted data key (EDK) is stored in an Instruction File instead of S3 metadata, missing cryptographic key commitment could allow a user with write access to the bucket to introduce a rogue EDK and decrypt to a d...

6CVSS6.4AI score0.00094EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0378

Malware in sbrugna...

4.6CVSS6.4AI score0.00374EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-19096

Malware in sbrugna...

7.5CVSS7.6AI score0.00909EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/05/12 12:0 a.m.7 views

The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure, which control network access, stems from the use of a strictly encrypted cryptographic key. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure network access control tools lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

6CVSS7.7AI score0.0031EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/04/18 12:0 a.m.18 views

The vulnerability of the multi-platform SCADA system KROON-TM, related to the use of a rigidly encrypted cryptographic key for the SSL certificate, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the multi-platform SCADA system KROON-TM is related to the use of a rigidly encrypted cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

10CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/10 12:0 a.m.5 views

The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.8CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/15 12:0 a.m.5 views

The vulnerability of TP-Link Tapo C500 Wi-Fi cameras, which stems from the use of a rigidly encrypted cryptographic key, allows attackers to carry out “man-in-the-middle” attacks.

The vulnerability of TP-Link Tapo C500 Wi-Fi cameras lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to carry out a “man-in-the-middle” attack...

7.2CVSS5.5AI score0.00247EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.5 views

The command-line interface vulnerability of the FortiSandbox system allows a intruder to gain unauthorized access to protected information.

The vulnerability of the command-line interface of the FortiSandbox threat detection and removal system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

4.6CVSS5.5AI score0.00148EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder