CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

PT-2026-36003

Name of the Vulnerable Software and Affected Versions wget2 affected versions not specified Description An issue exists where the software accepts server certificates with incorrect Key Usage KU or Extended Key Usage EKU. This could allow an attacker who has compromised a certificate and its...

Panic in Standalone MAC Operations

An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...

Enhancing Deep Learning-Based Rotational-XOR Attacks on Lightweight Block Ciphers Simon32/64 and Simeck32/64

At CRYPTO 2019, Gohr pioneered neural cryptanalysis by introducing differential-based neural distinguishers to attack Speck32/64, establishing a novel paradigm combining deep learning with differential cryptanalysis.Since then, constructing neural distinguishers has become a significant approach ...

Biscuit 安全漏洞

Biscuit is a delegated, decentralized, capability-based authorization token from biscuit-auth open source. A security vulnerability exists in Biscuit that stems from a data log that allows a malicious user to trick a third-party authority into generating a key pair with the wrong trust via a forg...

biscuit-rust 安全漏洞

biscuit-rust is a Rust implementation of the Biscuit authorization token from the biscuit-auth open source. A security vulnerability exists in biscuit-rust version 4, which stems from the fact that a malicious user's spoofed third-party block request can trick a third-party organization into...

CVE-2022-2993 bt: host: Wrong key validation check

There is an error in the condition of the last if-statement in the function smpcheckkeys. It was rejecting current keys if all requirements were unmet...

DEBIAN-CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...

Evolution / libcamel messages encryption vulnerabilities

Under some conditions messages are encrypted with wrong key...

PT-2020-7479 · Gnome +3 · Gnome Evolution +4

Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.8.4 and earlier Evolution Data Server versions 3.9.5 and earlier Description: The issue is related to the gpg ctx add recipient function, which does not properly select the GPG key for email encryption. This might...