Amazon AWS Encryption SDK 安全漏洞

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

PT-2026-33829

Name of the Vulnerable Software and Affected Versions Amazon AWS Encryption SDK for Python versions prior to 3.3.1 Amazon AWS Encryption SDK for Python versions prior to 4.0.5 Description A cryptographic algorithm downgrade in the caching layer may allow an authenticated local threat actor to...

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

ConnectWise Automate 安全漏洞

ConnectWise Automate is a cloud-based local IT automation solution provided by the American company ConnectWise. This product supports functions such as content management, file sharing, and IT asset tracking and management. There is a security vulnerability in ConnectWise Automate, which stems...

[20260518] - Core - Transport encryption downgrade for password and username reset links

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...

Silex SD-330AC和Silex AMC Manager 安全漏洞

Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...

ROS-20260420-73-0011

A vulnerability in the crypto/modes/ocb128.c component of the OpenSSL TLS and SSL protocols toolkit is related to the lack of a required encryption step. Exploitation of the vulnerability could allow an attacker to gain access to confidential data and compromise its integrity...

ROS-20260420-73-0010

A vulnerability in the crypto/modes/ocb128.c component of the OpenSSL TLS and SSL protocols toolkit is related to the lack of a required encryption step. Exploitation of the vulnerability could allow an attacker to gain access to confidential data and compromise its integrity...

EUVD-2026-23508

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

CVE-2026-32105

A flaw was found in xrdp, an open-source Remote Desktop Protocol RDP server. When using the "Classic RDP Security" layer, xrdp fails to verify the Message Authentication Code MAC signature of encrypted RDP packets. This oversight allows an unauthenticated attacker with man-in-the-middle MITM...

CVE-2026-32650

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

CVE-2026-32650 Anviz CrossChex Standard Algorithm Downgrade

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

CVE-2026-32650

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

CVE-2026-32650 Anviz CrossChex Standard Algorithm Downgrade

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

CVE-2026-32650

The CVE-2026-32650 entry applies to Anviz CrossChex Standard. The description states that an attacker can manipulate the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. This highlights a credential exposure risk ...

Bouncy Castle Uncontrolled Resource Consumption vulnerability

Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This issue affects BC-JAVA before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...

OESA-2026-1926 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing...

OESA-2026-1925 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing...

OESA-2026-1924 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing...

OESA-2026-1923 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing...