CVE-2026-32600
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...
Embedded Malicious Code
Overview: react-native-international-phone-number is an international mobile phone input component with mask for React Native. Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...
PT-2026-25544
Name of the Vulnerable Software and Affected Versions: Totolink A7100RU version 7.4cu.2313 b20191024. Description: A weakness exists in the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Manipulation of the mode argument can lead to operating system command injection. This attack can be...
Improper Validation of Integrity Check Value
Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to missing validation of the AES-GCM authentication tag on encrypted XML nodes. An attacker can decrypt sensitive data and forge arbitrary ciphertexts by brute-forcing the authentication...
simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
Summary: XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows an attacker to forge arbitrary ciphertexts...
EUVD-2026-12094
xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption...
CVE-2026-32600 xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...
xml-security security vulnerability
xml-security is an open-source library developed by SimpleSAMLphp. Versions prior to 2.3.1 and 1.13.9 of xml-security had security vulnerabilities. These vulnerabilities stemmed from the lack of authentication tag length validation for XML nodes encrypted using aes-128-gcm, aes-192-gcm, or...
EUVD-2019-19744
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
EUVD-2019-19738
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...
CVE-2019-25470
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
CVE-2019-25470 eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...
CVE-2019-25470
CVE-2019-25470 affects eWON firmware versions 12.2–13.0 and describes an authentication bypass via the wsdReadForm endpoint. An attacker with minimal privileges can issue a POST to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to retrieve encrypted...
Malicious code in hxq-misc-utils-0379 (PyPI)
Source: oracle-using-macaron 1e22088fbe314143f0c3eb971a645a125a9a32753184ceb5abd533ac7e60da69 This package includes an encrypted payload file that appears to be used to deliver code or resources to other packages. The payload changes betwe...
MAL-2026-1453 Malicious code in hxq-misc-utils-0379 (PyPI)
Source: oracle-using-macaron 1e22088fbe314143f0c3eb971a645a125a9a32753184ceb5abd533ac7e60da69 This package includes an encrypted payload file that appears to be used to deliver code or resources to other packages. The payload changes betwe...
Linux RC4 Encrypted Payload Generator
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfd_create for fileless execution. Linux kernel version support: 3.17+. Module Options: msf use evasion/linux/x64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...
CVE-2026-3664
A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compounddocument::readdirectory of the file source/detail/cryptography/compounddocument.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds rea...