35 matches found
CVE-2026-23967
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966
CVE-2026-23966 (sm-crypto) affects the JavaScript library implementing SM2/SM3/SM4. The vulnerability resides in the SM2 decryption logic, where an attacker can recover the private key by repeatedly invoking the SM2 decryption interface. The issue exists in versions prior to 0.3.14; version 0.3.1...
CVE-2026-23966
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23966 sm-crypto Affected by Private Key Recovery in SM2-PKE
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...
CVE-2026-23967
Summary: CVE-2026-23967 affects the JavaScript library sm-crypto (SM2/SM3/SM4) via a signature malleability flaw in the SM2 verification logic present before version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. The issue is fixed...
CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
sm-crypto data forgery vulnerability
sm-crypto is an encryption algorithm developed by June01, a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data manipulation vulnerability. This vulnerability stemmed from defects in the SM2 decryption logic, which could lead to the recovery of private keys...
Insufficient Verification of Data Authenticity
Overview sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the SM2 decryption logic. An attacker can recover sensitive private key material by repeatedly interacting with the decryption interface. Remediation Upgrade...
SUSE CVE-2025-0315
A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack...
act-workflow (>=4.8.2 <=4.8.399), agent-builder (=0.0.1) +15 more potentially affected by CVE-2024-10940 via langchain-core (>=0.3.0 <=0.3.14)
langchain-core PYPI version =0.3.0, =4.8.2, =0.1.6, =0.3.0, =0.0.4, =0.1.14rc1, =0.1.8rc1, =0.3.0.dev1, =0.1.0, =4.2.1, =0.1.0, =0.4.16, =0.5.69 and more Source cves: CVE-2024-10940 Source advisory: OSV:GHSA-5CHR-FJJV-38QV...
Ollama buffer error vulnerability
Ollama is a large language model that can be started and run locally from the Ollama open source. A buffer error vulnerability exists in Ollama versions 0.3.14 and earlier, which originates from an out-of-bounds read in the gguf.go file and could lead to a denial of service attack...
PT-2025-12311 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: ollama/ollama versions 0.3.14 and earlier Description: A malicious user can create a customized GGUF model file, upload it to the Ollama server, and create it, causing the server to allocate unlimited memory. This leads to a Denial of Service...
Ollama code issue vulnerability
Ollama is a large language model that can be started and run locally from the Ollama open source. A code issue vulnerability exists in Ollama version 0.3.14 and earlier, which stems from unchecked null pointer dereferences and could lead to a denial of service attack...
Ollama numeric error vulnerability
Ollama is a large language model that can be started and run locally from the Ollama open source. A numeric error vulnerability exists in Ollama version 0.3.14 and earlier, which stems from a divide-by-zero error in the ggufPadding function, and could lead to a server crash and denial-of-service...
Ollama security vulnerability
Ollama is an Ollama open source large-scale language model that can be started and run locally. A security vulnerability exists in Ollama version 0.3.14 and earlier, which stems from the fact that uploading a custom GGUF model file may cause the server to allocate unlimited memory, leading to a...
SUSE CVE-2024-39719
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...