Lucene search
+L

113 matches found

vulnersOsv
vulnersOsv
added 2026/03/03 8:9 p.m.3 views

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)

aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:GHSA-65P9-R9H6-22VJ...

8.2CVSS7.4AI score0.01079EPSS
Exploits0
OSV
OSV
added 2026/03/03 8:9 p.m.9 views

GHSA-65P9-R9H6-22VJ AWS-LC has Timing Side-Channel in AES-CCM Tag Verification

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP...

8.2CVSS6AI score0.01079EPSS
Exploits0References7
NVD
NVD
added 2026/03/02 10:16 p.m.9 views

CVE-2026-3336

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

8.7CVSS0.00771EPSS
Exploits0References7
CVE
CVE
added 2026/03/02 9:22 p.m.20 views

CVE-2026-3338

The vulnerability CVE-2026-3338 arises from improper signature validation in PKCS7_verify() within the AWS-LC library, allowing an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Affected component: AWS-LC. Root cause: flawed sign...

8.7CVSS5.9AI score0.00779EPSS
Exploits0References7Affected Software2
Vulnrichment
Vulnrichment
added 2026/03/02 9:22 p.m.3 views

CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC

Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...

8.7CVSS5.9AI score0.00779EPSS
Exploits0References3
CVE
CVE
added 2026/03/02 9:20 p.m.21 views

CVE-2026-3337

CVE-2026-3337 documents a timing side-channel in AES-CCM decryption within AWS-LC affecting EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. An unauthenticated user could potentially determine authentication tag validity via timing analysis. The impact and remediation are described by the a...

8.2CVSS5.9AI score0.01079EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2026/03/02 9:20 p.m.7 views

CVE-2026-3337 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS7.3AI score0.01079EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/03/02 12:0 p.m.3 views

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)

aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:RUSTSEC-2026-0045...

8.2CVSS7.4AI score0.01079EPSS
Exploits0
OSV
OSV
added 2026/03/02 12:0 p.m.3 views

RUSTSEC-2026-0046 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...

7.5CVSS7.5AI score0.00771EPSS
Exploits0References4
OSV
OSV
added 2026/03/02 12:0 p.m.5 views

RUSTSEC-2026-0043 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

5.9CVSS5.9AI score0.01079EPSS
Exploits0References4
OSV
OSV
added 2026/03/02 12:0 p.m.7 views

RUSTSEC-2026-0045 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

5.9CVSS5.8AI score0.01079EPSS
Exploits0References4
RustSec
RustSec
added 2026/03/02 12:0 p.m.4 views

PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...

8.7CVSS5.8AI score0.00771EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.4 views

CVE-2025-68026

Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...

6.5CVSS5.5AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.4 views

CVE-2025-68026

Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...

6.5CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.9 views

CVE-2025-68026

CVE-2025-68026 affects the WordPress LC Wizard (GHL Wizard/Connector Wizard) plugin, with affected versions listed as 2.1.1 and earlier. The vulnerability is described as a Missing Authorization issue that allows unauthenticated setting updates due to incorrectly configured access control. Public...

6.5CVSS5.5AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.23 views

CVE-2025-68026 WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability

Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...

6.5CVSS0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.12 views

WordPress plugin LC Wizard 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21075

Name of the Vulnerable Software and Affected Versions LC Wizard versions through 2.1.1 Description An authorization issue exists in LC Wizard that allows exploiting incorrectly configured access control security levels. Recommendations Update to a version later than 2.1.1...

5.3AI score0.00245EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/05 7:38 a.m.7 views

WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability

Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin LC Wizard versions = 2.1.1...

6.5CVSS5.3AI score0.00245EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/26 5:41 a.m.9 views

CVE-2025-68664

A flaw was found in LangChain, a framework for building agents and LLM-powered applications. A remote attacker can exploit a serialization injection vulnerability in LangChain's dumps and dumpd functions. This occurs because the functions do not properly escape dictionaries containing the interna...

9.3CVSS7.5AI score0.1383EPSS
Exploits5References10
Rows per page
Query Builder