Lucene search
K

247 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 2:48 a.m.3 views

CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:48 a.m.10 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/20 2:48 a.m.27 views

CVE-2026-32935

CVE-2026-32935 affects phpseclib with AES-CBC padding oracle timing vulnerability. Affected versions: 1.0.26 and below; 2.0.0–2.0.51; 3.0.0–3.0.49. Root cause: short-circuiting in the unpadding function enables timing leakage. Impact per sources: potential confidentiality impact (C) with high lik...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/20 2:48 a.m.3 views

CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.18 views

phpseclib 安全漏洞

phpseclib is an open-source PHP security communication library developed by phpseclib. Versions of phpseclib starting from 1.0.26, 2.0.0 to 2.0.51, and 3.0.0 to 3.0.49 contain security vulnerabilities. These vulnerabilities stem from a timing attack that occurs when using the AES CBC mode...

8.2CVSS5.8AI score0.00374EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.5 views

CVE-2026-32935

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/19 4:42 p.m.10 views

phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/19 4:42 p.m.4 views

GHSA-94G3-G5V7-Q4JG phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 Workarounds Use AES in CTR, CFB or OFB modes References...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26464

Name of the Vulnerable Software and Affected Versions phpseclib versions 1.0.26 and below phpseclib versions 2.0.0 through 2.0.51 phpseclib versions 3.0.0 through 3.0.49 Description phpseclib is a PHP secure communications library. Projects utilizing the affected versions are susceptible to a...

8.2CVSS5.7AI score0.00374EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.10 views

CVE-2023-49316

In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service...

7.5CVSS6.7AI score0.00762EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0879

Malware in sbrugna...

7.5CVSS7.4AI score0.01085EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1036

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00815EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-27354

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing a...

7.5CVSS7.2AI score0.00815EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-27560

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. CVE-2023-27560 Note that Nessus relies on the presence of th...

7.5CVSS7.2AI score0.00815EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-49316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service. CVE-2023-49316 Note that Nessus relies on the...

7.5CVSS7.2AI score0.00762EPSS
Exploits0References2
Redos
Redos
added 2025/08/18 12:0 a.m.5 views

ROS-20250818-03

Vulnerability of phpseclib cryptographic protocol library is related to incorrect processing of RSA PKCS1 signature verification. of RSA PKCS1 signatures. Exploitation of the vulnerability could allow an attacker acting remotely, to compromise the target system. A vulnerability in the phpseclib...

7.5CVSS7.3AI score0.01085EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-27355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, ...

7.5CVSS7.4AI score0.00569EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-2042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to 1...

5.3CVSS6.2AI score0.02383EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2025-91d6e174d9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.00601EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/05/02 12:0 a.m.8 views

The vulnerability of the phpseclib cryptographic protocol library, related to incorrect input validation, allows attackers to trigger a service failure.

The vulnerability of the phpseclib cryptographic protocol library is related to insufficient checks on the data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.2AI score0.00569EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder