VulnCheck KEV: CVE-2026-1357
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...
Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext
The latest releases of the libcrux-psq crate contain the following bug-fix: 1319: Propagate AEADError instead of panicking. The issue fixed in 1319 was first reported by Nadim Kobeissi...
EUVD-2025-205832
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password...
EUVD-1999-0837
Malware in sbrugna...
CVE-2025-26696
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...
PT-2025-54210
Name of the Vulnerable Software and Affected Versions: GNU Recutils versions prior to 1.9. Description: A flaw exists in the encryption and decryption processes of GNU Recutils that can lead to a Denial of Service (DoS). This occurs when an empty value is provided as a password. Recommendations: Update...
UBUNTU-CVE-2024-36911
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory. In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to...
CVE-2024-3729
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...
GHSA-RJMV-52MP-GJRR vantage6 may create unencrypted tasks in encrypted collaboration
Impact: There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Workarounds: This is not an issue with the normal workflow...
The vulnerability of Zoom’s video conferencing software, related to data encryption errors, allows attackers to disclose sensitive information that is protected by encryption.
The vulnerability of Zoom video conferencing software is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by encryption...
PT-2023-17228 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier Checkmk versions 2.0.0 through 2.0.0p34 Checkmk versions 2.1.0 through 2.1.0p25 Checkmk versions 2.2.0b3 and earlier Description: Inappropriate error handling in Checkmk causes the symmetric encryption of...
The vulnerability of the Node.js software platform, related to data encryption errors, allows a hacker to trigger a service failure.
The vulnerability of the Node.js software platform is related to data encryption errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
SUSE CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
The vulnerability of the SSH library (x/crypto/ssh) in the Go programming language, which allows a hacker to execute a “man-in-the-middle” attack.
The vulnerability of the SSH library x/crypto/ssh in the Go programming language is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to execute a “man-in-the-middle” attack...
The vulnerability of the IBM CICS TX Standard application server, related to data encryption errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the IBM CICS TX Standard application server is related to data encryption errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information remotely...
Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 Encryption Error Vulnerability
The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is a portable cardiac rhythm management (CRM) programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is vulnerable to an encryption error that could...
The vulnerability of the FortiMail email security system, related to encryption errors, allows attackers to bypass cryptographic security measures and enhance their privileges.
The vulnerability of the FortiMail email security system is related to errors in encryption algorithms. Exploiting this vulnerability can allow an attacker to bypass the cryptographic mechanisms used for encryption and enhance their privileges...
CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys...
One year later: The VPNFilter catastrophe that wasn't
Cisco Talos first disclosed the existence of VPNFilter on May 23, 2018. The malware made headlines across the globe, as it was a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. The attacker’s...