CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added yesterday•2 views

UBUNTU-CVE-2026-55653

CVE•added yesterday•13 views

Exploits0References4

CVE-2026-55653

CVE-2026-55653 affects OpenSSH and describes a double-free in the DH-GEX client path during FIPS known-group validation, allowing a malicious SSH server to terminate the client process and cause a Denial of Service. The issue is tied to processing attacker-controlled DH-GEX group parameters and i...

EUVD•added yesterday•10 views

EUVD-2026-38412

Cvelist•added yesterday•27 views

CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

4.3CVSS0.00201EPSS

RedhatCVE•added yesterday•9 views

CVE-2026-55653

Tenable Nessus•added yesterday•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-55653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie- Hellman Group Exchange DH-GEX client path. This occur...

IBM Security Bulletins•added 6 days ago•63 views

Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities

Question Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

5.4AI score

Exploits0Affected Software1

SUSE CVE•added 2026/06/13 2:19 a.m.•6 views

SUSE CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5CVSS5.2AI score0.00259EPSS

Exploits0References9

RedHat Linux•added 2026/06/11 1:24 p.m.•7 views

openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX X9.42 peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This...

RedHat Linux•added 2026/06/11 1:9 p.m.•4 views

Exploits0References4

openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

RedhatCVE•added 2026/06/10 1:34 p.m.•7 views

Exploits0References4

CVE-2026-42770

5.9CVSS5AI score0.00259EPSS

Tenable Nessus•added 2026/06/10 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42770

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: ...

EUVD•added 2026/06/09 6:30 p.m.•8 views

EUVD-2026-35487

OSV•added 2026/06/09 5:17 p.m.•5 views

Exploits0References7

ALPINE-CVE-2026-42770

Debian CVE•added 2026/06/09 4:3 p.m.•9 views

Exploits0References1

CVE-2026-42770

3.7CVSS5.3AI score0.00259EPSS

Exploits0

CVE•added 2026/06/09 4:3 p.m.•43 views

CVE-2026-42770

CVE-2026-42770 affects OpenSSL FIPS modules (4.0, 3.6, 3.5, 3.4, 3.0) and related deployments using EVP_PKEY_derive_set_peer() with DHX/X9.42 keys. The vulnerability arises when the subgroup check Y^q ≡ 1 (mod p) uses the peer’s q instead of the local key’s q, allowing a malicious X9.42 peer to c...