Search Vulnerabilities

Deno node:crypto doesn't finalize cipher

Windows Kerberos Elevation of Privilege Vulnerability

The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script

frost-core: refresh shares with smaller min_signers will reduce group security

In MbedTLS 3

RLPx 5 has two CTR streams based on the same key, IV, and nonce

fossasia open-event-server Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs...

Missing Cryptographic Step

ALTBN128_ADD, ALTBN128_MUL, ALTBN128_PAIRING precompile functions do not check if points are on curve

sigstore-python has insufficient validation of integration timestamp during verification

Cisco Touch 10 Device Insufficient Identity Verification Vulnerability

Windows Kerberos Information Disclosure Vulnerability

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access

xkeys Seal encryption used fixed key for all encryption

uthenticode EKU validation bypass

Missing Cryptographic Step

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information

Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders

Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in...