119 matches found
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...
GHSA-78H2-9FRX-2JM8 Go JOSE Panics in JWE decryption
Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...
Go JOSE Panics in JWE decryption
Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...
PT-2026-30011
Name of the Vulnerable Software and Affected Versions Go JOSE versions prior to 4.1.4 and versions prior to 3.0.5 Description Go JOSE, an implementation of the Javascript Object Signing and Encryption standards in Go, is susceptible to a denial of service. When decrypting a JSON Web Encryption JW...
GHSA-WJ2J-QWCF-CFCC IncusOS has a LUKS encryption bypass due to insufficient TPM policy
The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...
CVE-2025-14759
The CVE-2025-14759 issue affects the Amazon S3 Encryption Client for .NET. When the encrypted data key (EDK) is stored in an Instruction File instead of S3 metadata, missing cryptographic key commitment could allow a user with write access to the bucket to introduce a rogue EDK and decrypt to a d...
EUVD-2001-0378
Malware in sbrugna...
EUVD-2020-19096
Malware in sbrugna...
The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure, which control network access, stems from the use of a strictly encrypted cryptographic key. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure network access control tools lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the multi-platform SCADA system KROON-TM, related to the use of a rigidly encrypted cryptographic key for the SSL certificate, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the multi-platform SCADA system KROON-TM is related to the use of a rigidly encrypted cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Primo RPA Orchestrator module of the Primo RPA automation platform lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of TP-Link Tapo C500 Wi-Fi cameras, which stems from the use of a rigidly encrypted cryptographic key, allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of TP-Link Tapo C500 Wi-Fi cameras lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to carry out a “man-in-the-middle” attack...
The command-line interface vulnerability of the FortiSandbox system allows a intruder to gain unauthorized access to protected information.
The vulnerability of the command-line interface of the FortiSandbox threat detection and removal system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...