48 matches found

RedhatCVE
added 2026/01/13 10:52 p.m. · 1 views

CVE-2026-22026

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...

CVSS 8.2 · AI score 7.1 · EPSS 0.00099
Exploits: 1 · References: 1

EUVD
added 2026/01/10 12:22 a.m. · 1 views

EUVD-2026-1890

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...

CVSS 8.2 · AI score 6.6 · EPSS 0.00099
Exploits: 1 · References: 3

Cvelist
added 2026/01/10 12:20 a.m. · 22 views

CVE-2026-22025 CryptoLib Memory Leak on HTTP Error Response in KMC Client

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP...

CVSS 6.3 · EPSS 0.00028
Exploits: 1 · References: 3

CVE
added 2026/01/10 12:20 a.m. · 5 views

CVE-2026-22025

CryptoLib’s memory-leak vulnerability affects the KMC client: when a non-200 HTTP response is returned, cryptography_encrypt() and cryptography_decrypt() fail to free previously allocated buffers, leaking ~467 bytes per failed request and risking memory exhaustion with repeated failures. This occ...

CVSS 6.3 · AI score 6.5 · EPSS 0.00028
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2026/01/10 12:14 a.m. · 20 views

CVE-2026-21900 CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in...

CVSS 8.2 · EPSS 0.00128
Exploits: 1 · References: 3

Vulnrichment
added 2026/01/10 12:14 a.m. · 2 views

CVE-2026-21900 CryptoLib Has Out-of-Bounds Read in KMC Encrypt Metadata Parsing via Flawed strtok Pattern

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in...

CVSS 8.2 · AI score 6.7 · EPSS 0.00128
Exploits: 1 · References: 3

CNNVD
added 2026/01/10 12:0 a.m. · 2 views

CryptoLib Security Vulnerability

CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib versions prior to 1.4.3 that originates in the libcurl writecallback function of the KMC Cryptographic Servic...

CVSS 8.2 · AI score 6.5 · EPSS 0.00099
Exploits: 1 · References: 3

Positive Technologies
added 2026/01/10 12:0 a.m. · 3 views

PT-2026-2133

Name of the Vulnerable Software and Affected Versions: CryptoLib versions prior to 1.4.3 Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft and a ground station. Before versi...

CVSS 6.3 · AI score 6.6 · EPSS 0.00028
Exploits: 1 · References: 7

RedhatCVE
added 2026/01/09 10:40 a.m. · 5 views

CVE-2022-35298

SAP NetWeaver Enterprise Portal KMC - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the...

CVSS 6.1 · AI score 5.7 · EPSS 0.00538
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-5482

Malware in sbrugna...

CVSS 5.3 · AI score 5.9 · EPSS 0.0018
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2016-5481

Malware in sbrugna...

CVSS 8.8 · AI score 8.8 · EPSS 0.00064
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-42538

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.8 · EPSS 0.00614
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 10:40 a.m. · 23 views

CVE-2024-47594

SAP NetWeaver Enterprise Portal KMC does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link,...

CVSS 5.4 · AI score 6.3 · EPSS 0.00614
Exploits: 0

CNVD
added 2025/04/18 12:0 a.m. · 5 views

SAP KMC WPC Information Disclosure Vulnerability

SAP KMC WPC is a combination of enterprise content management and web publishing components from SAP. An information disclosure vulnerability exists in SAP KMC WPC, which can be exploited by an attacker to retrieve a user name via a simple parameter query, resulting in the disclosure of sensitive...

CVSS 5.3 · AI score 6.2 · EPSS 0.00228
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/10 8:20 a.m. · 14 views

CVE-2025-26657

SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability...

CVSS 5.3 · AI score 6.6 · EPSS 0.00228
Exploits: 0 · References: 1

NVD
added 2025/04/08 8:15 a.m. · 4 views

CVE-2025-26657

SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability...

CVSS 5.3 · EPSS 0.00228
Exploits: 0 · References: 2

Vulnrichment
added 2025/04/08 7:13 a.m. · 5 views

CVE-2025-26657 Information Disclosure vulnerability in SAP KMC WPC

SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability...

CVSS 5.3 · AI score 6.8 · EPSS 0.00228
Exploits: 0 · References: 2

Cvelist
added 2025/04/08 7:13 a.m. · 12 views

CVE-2025-26657 Information Disclosure vulnerability in SAP KMC WPC

SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability...

CVSS 5.3 · EPSS 0.00228
Exploits: 0 · References: 2

CVE
added 2025/04/08 7:13 a.m. · 52 views

CVE-2025-26657

CVE-2025-26657 is an information-disclosure vulnerability in SAP KMC WPC. An unauthenticated attacker can remotely retrieve usernames via a simple parameter query, exposing sensitive information and causing low confidentiality impact. The root cause is an information-disclosure flaw in the WPC co...

CVSS 5.3 · AI score 6.8 · EPSS 0.00228
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/08 12:0 a.m. · 3 views

PT-2025-15366 · Sap · Sap Kmc Wpc

Name of the Vulnerable Software and Affected Versions: SAP KMC WPC affected versions not specified Description: The issue allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query, potentially exposing sensitive information and causing low impact on the...

CVSS 5.3 · AI score 6 · EPSS 0.00228
Exploits: 0 · References: 7