CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

449 matches found

CVE-2026-41565

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...

7.5CVSS6.1AI score0.0011EPSS

Exploits0References6

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44386

CryptX versions before 0.088 001 for Perl have a stack buffer overflow in four AEAD decrypt verify helpers. The gcm decrypt verify, ccm decrypt verify, chacha20poly1305 decrypt verify and eax decrypt verify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buff...

6.1AI score0.0011EPSS

Exploits0References6

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в paramiko, libssh, libssh2, erlang, openssh

The SSH transport protocol, with certain OpenSSH extensions, found in OpenSSH versions prior to 9.6 and other products, allows remote attackers to bypass integrity checks. As a result, some packets may be omitted from the extension negotiation message. Consequently, the client and server may end ...

5.9CVSS6.9AI score0.54214EPSS

Exploits3References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

9.1CVSS7.1AI score0.0072EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: s390/crypto: Use vector instructions only if they are available for ChaCha20. Commit 349d03ffd5f6 “crypto: s390 – add a crypto library interface for ChaCha20” added a library interface to the s390-specific ChaCha20...

5.9AI score0.00024EPSS

Exploits0References2

Tenable Nessus•added 2026/05/11 12:0 a.m.•2 views

Unity Linux 20.1060e / 20.1070e Security Update: nss (UTSA-2026-017618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017618 advisory. A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. Thi...

9.1CVSS7AI score0.0072EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в firefox, nss

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox, this only affects the QUIC header protection feature when the connection uses the ChaCha20-Poly1305 cipher suite. The most likely outcome i...

6.5CVSS6.7AI score0.00062EPSS

Exploits0References2

OSV•added 2026/04/27 6:33 p.m.•2 views

JLSEC-2026-245 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS7.3AI score0.03331EPSS

Exploits0References16

OSV•added 2026/04/27 6:33 p.m.•2 views

JLSEC-2026-242 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8CVSS6.8AI score0.00728EPSS

Exploits0References11

RedhatCVE•added 2026/04/22 7:22 a.m.•2 views

CVE-2026-5479

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...

8.1CVSS5.7AI score0.00003EPSS

Exploits0References1

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-36652

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The built-in SSH server uses default configurations that advertise weak or broken key exchange, MAC, and host key algorithms. Specifically, the server supports the ecdh-sha2-nistp256,...

6.3CVSS5.8AI score

Exploits0References5

EUVD•added 2026/04/10 6:31 a.m.•3 views

EUVD-2026-21292

7.6CVSS5.9AI score0.00003EPSS

Exploits0References2

OSV•added 2026/04/10 4:17 a.m.•0 views

DEBIAN-CVE-2026-5479

8.1CVSS5.3AI score0.00003EPSS

Exploits0References1

NVD•added 2026/04/10 4:17 a.m.•1 views

CVE-2026-5479

8.1CVSS0.00003EPSS

Exploits0References1

OSV•added 2026/04/10 4:17 a.m.•0 views

UBUNTU-CVE-2026-5479

8.1CVSS5.8AI score0.00003EPSS

Exploits0References3

Cvelist•added 2026/04/10 2:38 a.m.•27 views

CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag

7.6CVSS0.00003EPSS

Exploits0References1

CVE•added 2026/04/10 2:38 a.m.•14 views

CVE-2026-5479

In wolfSSL, the ChaCha20-Poly1305 AEAD decryption path in the EVP layer (wolfSSL_EVP_CipherFinal and related finalization functions) fails to verify the authentication tag before returning plaintext. As a result, when using the EVP API to decrypt ChaCha20-Poly1305, the tag may be computed or acce...

8.1CVSS5.9AI score0.00003EPSS

Exploits0References1Affected Software1