CVE-2026-32313

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover...

Xmlseclibs 安全漏洞

Xmlseclibs is a library developed by robrichards, written in PHP, for handling XML encryption and signing. Versions of Xmlseclibs prior to 3.1.5 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication tag length validation for XML nodes encrypted using...

EUVD-2026-12099

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption...

OESA-2025-2383 xml-security security update

The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...

EUVD-2011-1110

Malware in sbrugna...

EUVD-2022-1634

Malicious code in bioql PyPI...

php-saml

This is a PHP SAML toolkit for adding SAML support to PHP software. It is a library provided and supported by OneLogin Inc. The library is compatible with PHP versions greater than 7.1. The library includes features such as: Support for SAML 2.0 Support for SAML 1.1 Support for SAML 1.0 Support f...

RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...

EUVD-2024-1373

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

SUSE CVE-2011-2487

The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...

[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...

[SECURITY] Fedora 36 Update: xmlsec1-1.2.33-3.fc36

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...

GHSA-7V5V-9V8R-W864 Inadequate Encryption Strength in Apache CXF

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

Inadequate Encryption Strength in Apache CXF

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

GHSA-4QQF-HMV6-R6WH Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J

The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...

simpleSAMLphp incorrectly handles XML encryption

simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...

Fedora: Security Advisory for php-robrichards-xmlseclibs1 (FEDORA-2020-af82229ae5)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for php-robrichards-xmlseclibs1 (FEDORA-2020-46d0f456a9)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for php-robrichards-xmlseclibs1 (FEDORA-2020-1b95d7a131)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...