113 matches found
jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)
aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:GHSA-65P9-R9H6-22VJ...
GHSA-65P9-R9H6-22VJ AWS-LC has Timing Side-Channel in AES-CCM Tag Verification
Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP...
CVE-2026-3336
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...
CVE-2026-3338
The vulnerability CVE-2026-3338 arises from improper signature validation in PKCS7_verify() within the AWS-LC library, allowing an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Affected component: AWS-LC. Root cause: flawed sign...
CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC
Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...
CVE-2026-3337
CVE-2026-3337 documents a timing side-channel in AES-CCM decryption within AWS-LC affecting EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. An unauthenticated user could potentially determine authentication tag validity via timing analysis. The impact and remediation are described by the a...
CVE-2026-3337 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)
aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:RUSTSEC-2026-0045...
RUSTSEC-2026-0046 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...
RUSTSEC-2026-0043 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
RUSTSEC-2026-0045 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...
CVE-2025-68026
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...
CVE-2025-68026
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...
CVE-2025-68026
CVE-2025-68026 affects the WordPress LC Wizard (GHL Wizard/Connector Wizard) plugin, with affected versions listed as 2.1.1 and earlier. The vulnerability is described as a Missing Authorization issue that allows unauthenticated setting updates due to incorrectly configured access control. Public...
CVE-2025-68026 WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...
WordPress plugin LC Wizard 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-21075
Name of the Vulnerable Software and Affected Versions LC Wizard versions through 2.1.1 Description An authorization issue exists in LC Wizard that allows exploiting incorrectly configured access control security levels. Recommendations Update to a version later than 2.1.1...
WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability
Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin LC Wizard versions = 2.1.1...
CVE-2025-68664
A flaw was found in LangChain, a framework for building agents and LLM-powered applications. A remote attacker can exploit a serialization injection vulnerability in LangChain's dumps and dumpd functions. This occurs because the functions do not properly escape dictionaries containing the interna...