5453 matches found
CVE-2025-14858 Semtech LR11xx Encrypted Firmware Disclosure
The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware packag...
CVE-2025-14858
The CVE targets Semtech LR11xx LoRa transceivers with early firmware versions. During a firmware validity check over SPI, the device decrypts an encrypted firmware package block-by-block; the last decrypted block remains uncleared in memory after validation, enabling an attacker with SPI access t...
K000160641: pac4j vulnerability CVE-2026-29000
Security Advisory Description pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can...
CVE-2026-34986
A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by a cryptographic flaw in PDFium. This vulnerability could allow attackers to extract sensitive information from encrypted PDF files...
QuickDrop 跨站脚本漏洞
QuickDrop is a self-hosted anonymous file sharing application developed by Rostislav. It supports multipart uploads and encrypted storage. Versions of QuickDrop prior to 1.5.3 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-related cross-site scripting flaw in...
PT-2026-30995
The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware packag...
SUSE CVE-2026-33026
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. This issue has been patched in version 2.3.4...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
DEBIAN-CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
CVE-2026-34986 Go JOSE affect by a panic in JWE decryption
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
CVE-2026-34986
CVE-2026-34986 affects the Go JOSE library. Prior to versions 4.1.4 and 3.0.5, decrypting a JWE object can cause a panic when the alg field indicates a key-wrapping algorithm (any ending with KW, except A128GCMKW/A192GCMKW/A256GCMKW) and encrypted_key is empty. The panic occurs in cipher.KeyUnwra...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
CVE-2015-10148
CVE-2015-10148 concerns Hirschmann HiLCOS devices: OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed. This enables unauthenticated remote attackers to decrypt or intercept encrypted management communicati...
CVE-2026-29142
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email...
CVE-2026-29131
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption JWE object with a key wrapping algorithm ending in 'KW', except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW' and the encryptedkey field is empty...