74 matches found
CVE-2026-42009
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...
PT-2026-37962
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...
EUVD-2026-26926
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
Integer Underflow (Wrap or Wraparound)
Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) via the DTLS handshake parsing process. An attacker can cause an out-of-bounds read and potentially disclose sensitive memory or crash the application by sending specially crafted DTLS handshake...
Linux Distros Unpatched Vulnerability : CVE-2026-5264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...
EUVD-2026-21180
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...
CVE-2025-65499
A flaw was found in libcoap. A remote attacker can cause a denial of service via a NULL pointer dereference due to improper handling of the return values of OpenSSL functions during DTLS (Datagram Transport Layer Security) operations...
CVE-2025-65500
A flaw was found in libcoap. A remote attacker can cause a denial of service via a NULL pointer dereference due to improper handling of the return values of OpenSSL functions during DTLS (Datagram Transport Layer Security) operations...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the coap_dtls_info_callback function when a DTLS handshake occurs and SSL_get_app_data returns NULL. An attacker can cause the application to crash by initiating a specially crafted DTLS handshake. Remediation...
DEBIAN-CVE-2025-65496
NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...
PT-2025-47914
NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...
CVE-2025-61951
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backe...
EUVD-2025-34636
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the...
CVE-2025-61951 BIG-IP DTLS 1.2 Vulnerability
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the...
F5 Networks BIG-IP : BIG-IP DTLS 1.2 vulnerability (K000151309)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000151309 advisory. Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur wh...
EUVD-2022-3660
Malicious code in bioql PyPI...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Clients that use RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because the handshake does not abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections that use raw...
The vulnerability of the SSL_VERIFY_PEER mode in the OpenSSL cryptographic library allows an attacker to execute a man-in-the-middle attack.
The vulnerability of the SSL_VERIFY_PEER mode in the OpenSSL cryptographic library is related to the absence of a mechanism to notify the user of the establishment of a connection session. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” attack during a...
CVE-2023-6937
...