CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/20 8:12 p.m.•6 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview aws-encryption-sdk is an AWS Encryption SDK implementation for Python Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' via the shared key cache. An attacker can bypass key commitment policy enforcement by...

vulnersOsv•added 2026/04/20 8:12 p.m.•4 views

Exploits0References2

core-aws (>=1.1.0 <=1.3.0), mind-castle (=0.4.7) potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=4.0.0 <=4.0.3)

aws-encryption-sdk PYPI version =4.0.0, =1.1.0, =1.3.0 - mind-castle =0.4.7 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...

5.7CVSS5.8AI score0.00005EPSS

Exploits0

vulnersOsv•added 2026/04/20 8:12 p.m.•1 views

cloudformation-cli-python-lib (>=2.1.12 <=2.1.16), core-aws (>=1.0.0 <=1.0.4) +3 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=3.1.0 <=3.3.0)

aws-encryption-sdk PYPI version =3.1.0, =2.1.12, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...

5.7CVSS5.4AI score0.00005EPSS

Exploits0

ATTACKERKB•added 2026/04/20 7:20 p.m.•2 views

CVE-2026-6550

Exploits0References5Affected Software1

CVE•added 2026/04/20 7:20 p.m.•6 views

CVE-2026-6550

The vulnerability CVE-2026-6550 affects the AWS Encryption SDK for Python in its caching layer. A cryptographic downgrade in the key cache could allow an authenticated local actor to bypass key commitment policy enforcement, enabling ciphertext to be decrypted into multiple possible plaintexts. A...

Vulnrichment•added 2026/04/20 7:20 p.m.•2 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cvelist•added 2026/04/20 7:20 p.m.•27 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

5.7CVSS0.00005EPSS

NVD•added 2026/04/20 4:16 p.m.•2 views

CVE-2026-6066

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1CVSS0.0001EPSS

ATTACKERKB•added 2026/04/20 3:26 p.m.•0 views

CVE-2026-6066

7.1CVSS5.7AI score0.0001EPSS

Exploits0References2

Vulnrichment•added 2026/04/20 3:26 p.m.•2 views

CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

7.1CVSS5.7AI score0.0001EPSS

Filippo.io•added 2026/04/20 3:21 p.m.•5 views

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

The advancing threat of cryptographically-relevant quantum computers has made it urgent to replace currently-deployed asymmetric cryptography primitives—key exchange ECDH and digital signatures RSA, ECDSA, EdDSA—which are vulnerable to Shor’s quantum algorithm. It does not, however, impact existi...

6AI score

Exploits0

EUVD•added 2026/04/20 6:31 a.m.•3 views

EUVD-2026-23760

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00014EPSS

Exploits0References5

OSV•added 2026/04/20 6:31 a.m.•4 views

GHSA-9JPJ-CPH8-W449 Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint

5.3CVSS5.4AI score0.00014EPSS

Exploits0References7

Positive Technologies•added 2026/04/20 12:0 a.m.•2 views

PT-2026-33829

Name of the Vulnerable Software and Affected Versions Amazon AWS Encryption SDK for Python versions prior to 3.3.1 Amazon AWS Encryption SDK for Python versions prior to 4.0.5 Description A cryptographic algorithm downgrade in the caching layer may allow an authenticated local threat actor to...

CNNVD•added 2026/04/20 12:0 a.m.•7 views

Exploits0References11

Amazon AWS Encryption SDK 安全漏洞

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

5.7CVSS5.8AI score0.00005EPSS

CNNVD•added 2026/04/20 12:0 a.m.•7 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

8.2CVSS7.1AI score0.00015EPSS