CVE-2026-32313 xmlseclibs is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the UnwrapKey logic of the SM9 decryption implementation. An attacker can cause unauthorized message decryption and integrity bypass by crafting a ciphertext with the elliptic-curve...

xml-security 安全漏洞

xml-security is an open-source library developed by SimpleSAMLphp. Versions prior to 2.3.1 and 1.13.9 of xml-security had security vulnerabilities. These vulnerabilities stemmed from the lack of authentication tag length validation for XML nodes encrypted using aes-128-gcm, aes-192-gcm, or...

PT-2024-40389 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 0.6.2 Description: The issue allows an attacker to learn parts of the secret key when they can time decapsulation and forge cipher texts on certain platforms. This does not affect ephemeral usage, such as regular use...