
25 matches found

Tenable Nessus
added 2026/03/05 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-3337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing...

CVSS 8.2 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 2

SUSE CVE
added 2026/03/04 12:29 a.m. | 3 views

SUSE CVE-2026-3336

Improper certificate validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVSS 8.7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/04 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-3338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper signature validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with...

CVSS 8.7 | AI score 7.5 | EPSS 0.00015
Exploits: 0 | References: 2

OSV
added 2026/03/02 10:16 p.m. | 1 view

CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS servic...

CVSS 8.2 | AI score 5.8
Exploits: 0 | References: 3

OSV
added 2026/03/02 10:16 p.m. | 0 views

CVE-2026-3338

Improper signature validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 3

NVD
added 2026/03/02 10:16 p.m. | 5 views

CVE-2026-3338

Improper signature validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...

CVSS 8.7 | EPSS 0.00015
Exploits: 0 | References: 3

NVD
added 2026/03/02 10:16 p.m. | 6 views

CVE-2026-3336

Improper certificate validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVSS 8.7 | EPSS 0.00015
Exploits: 0 | References: 3

EUVD
added 2026/03/02 9:22 p.m. | 3 views

EUVD-2026-9266

Improper signature validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3

CVE
added 2026/03/02 9:22 p.m. | 8 views

CVE-2026-3338

The vulnerability CVE-2026-3338 arises from improper signature validation in PKCS7_verify() within the AWS-LC library, allowing an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Affected component: AWS-LC. Root cause: flawed sign...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3 | Affected Software: 2

ATTACKERKB
added 2026/03/02 9:15 p.m. | 0 views

CVE-2026-3336

Improper certificate validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/02 9:15 p.m. | 2 views

CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3

EUVD
added 2026/03/02 9:15 p.m. | 5 views

EUVD-2026-9264

Improper certificate validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 1

CVE
added 2026/03/02 9:15 p.m. | 14 views

CVE-2026-3336

This CVE affects AWS-LC: improper certificate validation in PKCS7_verify() can bypass certificate chain verification for PKCS7 objects with multiple signers (excluding the final signer). Impact is high (integrity risk) with network attack potential. AWS customers are not required to act, but appl...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2026/03/02 9:15 p.m. | 15 views

CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7_verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

CVSS 8.7 | EPSS 0.00015
Exploits: 0 | References: 3

CNNVD
added 2026/03/02 12:0 a.m. | 3 views

AWS libcrypto Security Vulnerability

AWS libcrypto is a general-purpose encryption library open sourced by Amazon Web Services. Versions of AWS libcrypto prior to 1.69.0 contained security vulnerabilities. These vulnerabilities stemmed from observable time differences during AES-CCM decryption, which could potentially allow...

CVSS 8.2 | AI score 7.5 | EPSS 0.00041
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22704

Name of the Vulnerable Software and Affected Versions: AWS-LC versions prior to 1.69.0. Description: A flaw exists in the PKCS7 verify function within AWS-LC that permits an unauthenticated user to circumvent signature verification when handling PKCS7 objects containing Authenticated Attributes. Thi...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 20

Cvelist
added 2025/11/06 9:57 p.m. | 5 views

CVE-2025-64179 lakeFS: Unauthenticated access to API usage metrics

lakeFS is an open-source tool that transforms object storage into Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...

CVSS 5.3 | EPSS 0.00052
Exploits: 0 | References: 2

CNNVD
added 2025/11/06 12:0 a.m. | 1 view

lakeFS Security Vulnerability

lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS 1.69.0 and earlier versions, which stems from a lack of authentication in the /api/v1/usage-report/summary endpoint that could lead to the...

CVSS 5.3 | AI score 6.5 | EPSS 0.00052
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-39335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request...

CVSS 5 | AI score 6 | EPSS 0.00138
Exploits: 0 | References: 2

vulnersOsv
added 2024/04/17 6:21 p.m. | 1 view

@arb-protocol/core (>=2.0.0-alpha.1 <=2.0.0-alpha.6), @arb-protocol/jupiter-adapter (>=2.0.0-alpha.5 <=2.0.0-alpha.6) +18 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.69.0)

@solana/web3.js NPM version =1.69.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @arb-protocol/core =2.0.0-alpha.1, =2.0.0-alpha.5, =2.0.0-alpha.1, =0.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =0.1.8, =1.0.63, =1.0....

CVSS 7.5 | AI score 7 | EPSS 0.00142
Exploits: 0