Lucene search

25556 matches found

Snyk
added 2026/03/16 4:26 p.m., 3 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module (TPM) during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...

CVSS 7.6, AI score 5.9, EPSS 0.0014
Exploits: 0, References: 2

Github Security Blog
added 2026/03/16 4:26 p.m., 8 views

IncusOS has a LUKS encryption bypass due to insufficient TPM policy

The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...

CVSS 7.6, AI score 5.8, EPSS 0.0014
Exploits: 0, References: 7, Affected Software: 1

EUVD
added 2026/03/16 3:17 p.m., 8 views

EUVD-2026-12480

Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle...

CVSS 8.3, AI score 5.8, EPSS 0.00142
Exploits: 1, References: 3

OSV
added 2026/03/16 3:17 p.m., 5 views

GHSA-7432-952R-CW78 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Executive Summary: A cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in,...

CVSS 8.3, AI score 6.4, EPSS 0.00142
Exploits: 1, References: 5

Github Security Blog
added 2026/03/16 3:17 p.m., 10 views

Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle

Executive Summary: A cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in,...

CVSS 8.3, AI score 6.2, EPSS 0.00142
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2026/03/16 2:19 p.m., 5 views

CVE-2026-32600

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...

CVSS 8.2, EPSS 0.00148
Exploits: 1, References: 3

NVD
added 2026/03/16 2:19 p.m., 8 views

CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

CVSS 8.2, EPSS 0.00152
Exploits: 1, References: 3

CNNVD
added 2026/03/16 12:0 a.m., 7 views

SAMSUNG Smart Switch Security Vulnerability

Samsung Smart Switch is a data migration tool developed by South Korea’s Samsung Corporation. Versions of Samsung Smart Switch prior to 3.7.69.15 contained security vulnerabilities. These vulnerabilities stemmed from improper encryption signature verification, which could allow remote attackers t...

CVSS 9.8, AI score 5.8, EPSS 0.00256
Exploits: 0, References: 1

CNNVD
added 2026/03/16 12:0 a.m., 6 views

Xmlseclibs Security Vulnerability

Xmlseclibs is a library developed by robrichards, written in PHP, for handling XML encryption and signing. Versions of Xmlseclibs prior to 3.1.5 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication tag length validation for XML nodes encrypted using...

CVSS 8.2, AI score 5.9, EPSS 0.00152
Exploits: 1, References: 3

Packet Storm News
added 2026/03/16 12:0 a.m., 1 views

Botan C++ Crypto Algorithms Library 3.11.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

AI score 5.8
Exploits: 0

CNNVD
added 2026/03/16 12:0 a.m., 8 views

SAMSUNG Smart Switch Security Vulnerability

SAMSUNG Smart Switch is a data migration tool developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Smart Switch prior to 3.7.69.15 contained security vulnerabilities. These vulnerabilities stemmed from the use of defective or insecure encryption algorithms, which could allow remote...

CVSS 7.1, AI score 5.8, EPSS 0.00168
Exploits: 0, References: 1

CNNVD
added 2026/03/16 12:0 a.m., 8 views

Authlib Encryption Issue Vulnerability

Authlib is an open-source library developed by Authlib, designed as the ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib prior to 1.6.9 contained a security vulnerability related to encryption. This vulnerability stemmed from a cryptographic padding mechani...

CVSS 8.3, AI score 5.8, EPSS 0.00142
Exploits: 1, References: 4

CNNVD
added 2026/03/16 12:0 a.m., 5 views

SAMSUNG Galaxy Store Security Vulnerability

SAMSUNG Galaxy Store is an application store owned by South Korean company Samsung. Versions of SAMSUNG Galaxy Store prior to version 4.6.03.8 contained security vulnerabilities. These vulnerabilities stemmed from improper encryption signature verification, which could allow local attackers to...

CVSS 5.9, AI score 5.9, EPSS 0.00068
Exploits: 0, References: 1

Grafana
added 2026/03/16 12:0 a.m., 9 views

S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

CVSS 7.5, AI score 5.8, EPSS 0.00155
Exploits: 0

Veeam
added 2026/03/16 12:0 a.m., 23 views

How to Manually Update GPG key on Veeam Appliances

Article Applicability: This article is specifically regarding the Veeam Appliances used in conjunction with Veeam Backup & Replication 13, including the Veeam Software Appliance, Veeam Infrastructure Appliance, and Veeam Hardened Repository deployed from the Veeam Infrastructure Appliance. For...

AI score 5.7
Exploits: 0, Affected Software: 1

Rosalinux
added 2026/03/15 5:47 p.m., 7 views

Advisory ROSA-SA-2026-3206

software: nginx 1.28.2 OS: ROSA-CHROME unaffected versions = nginx-1.28.2-1 affected versions nginx-1.28.2-1 CVE-ID: CVE-2026-1642 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX OSS and NGINX Plus when proxying to upstream TLS servers allows an attacker in a man-in-the-middle...

CVSS 8.2, AI score 6, EPSS 0.00339
Exploits: 0

SUSE CVE
added 2026/03/15 12:7 p.m., 3 views

SUSE CVE-2017-18909

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory...

CVSS 7.5, AI score 5.8, EPSS 0.00656
Exploits: 0, References: 3

GithubExploit
added 2026/03/15 12:14 a.m., 242 views

czeview-meari-firmware

CZeView / Meari Camera — Root & Firmware Research Reverse eng...

AI score 6
Exploits: 0

GithubExploit
added 2026/03/14 8:11 p.m., 319 views

Exploit for Improper Input Validation in Typo3

TYPO3 CVE-2020-15099 — Unauthenticated RCE PHP Object Injecti...

CVSS 8.8, AI score 7.9, EPSS 0.01782
Exploits: 1

GithubExploit
added 2026/03/14 2:43 a.m., 159 views

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 PoC Description CVE-2026-27944 is an identi...

CVSS 9.8, AI score 5.8, EPSS 0.22162
Exploits: 12