Lucene search
K

54 matches found

Cvelist
Cvelist
added 2026/06/18 5:6 p.m.20 views

CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7CVSS0.00109EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:41 p.m.12 views

EUVD-2026-35148

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46246

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

5.8AI score0.00145EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:0 a.m.6 views

CVE-2026-36178

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

4.6CVSS5.8AI score0.00145EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 12:0 a.m.13 views

EUVD-2026-34280

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

4.6CVSS5.8AI score0.00145EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.13 views

CVE-2026-36178

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

5.8AI score0.00145EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 12:0 a.m.28 views

CVE-2026-36178

GNCC GP5 v7.1.76 is affected: the factory reset does not clear sensitive cryptographic material in the JFFS2 configuration partition, potentially enabling recovery of sensitive user data. Available documents provide the issue and impact but do not specify a patch or mitigation.

4.6CVSS5.8AI score0.00145EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 1:31 a.m.16 views

Malicious code in polygon-toolkit-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c6fa5fc2aa45c8649c09e54e0f5b318b096a78a133380d18d5379621ba819c The package presents a Polygon/Polymarket validation/crypto utility but its exported APIs silently relay caller data to a hardcoded remote endpoint. ...

5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 4:4 p.m.32 views

CVE-2026-33362 Meari SDK hardcoded cryptographic keys

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...

8.6CVSS0.00241EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.3 views

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS6AI score0.00362EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 3:36 p.m.3 views

EUVD-2026-12574

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...

9CVSS5.8AI score0.00362EPSS
Exploits0References2
NVD
NVD
added 2026/03/17 3:16 p.m.2 views

CVE-2026-3564

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 2:48 p.m.20 views

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS0.00362EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 2:48 p.m.3 views

CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS6.1AI score0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/03/17 2:48 p.m.59 views

CVE-2026-3564

CVE-2026-3564 affects ConnectWise ScreenConnect. A condition in ScreenConnect may allow an attacker who already has access to server‑level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. Red Hat, EUVD, NVD, and CVE...

9CVSS6.1AI score0.00362EPSS
In wildExploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 2:48 p.m.8 views

CVE-2026-3564

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently...

9CVSS6.1AI score0.00362EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.12 views

PT-2026-25901

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 26.1 Description A flaw in ScreenConnect could allow an attacker with access to server-level cryptographic material used for authentication to gain unauthorized access, potentially including elevated privileges...

9CVSS6.2AI score0.00362EPSS
Exploits0References25
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.8 views

CVE-2026-28714

Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

4.8CVSS5.8AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 12:31 a.m.7 views

EUVD-2026-9949

Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

4.8CVSS5.9AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 12:16 a.m.10 views

CVE-2026-28714

Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...

4.8CVSS0.00166EPSS
Exploits0References1
Rows per page
Query Builder