89376 matches found

Snyk
added 2026/06/09 6:32 p.m. | 6 views

Covert Channel

Overview: Affected versions of this package are vulnerable to Covert Channel information exposure from CMS_decrypt and PKCS7_decrypt. An attacker who can supply CMS or S/MIME messages and observe the application's error code and/or decryption output can use the victim's process as an adaptive chosen...

CVSS 6.3 | AI score 5.7 | EPSS 0.00364
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m. | 8 views

EUVD-2026-35680

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.4 | EPSS 0.00426
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m. | 15 views

EUVD-2026-35677

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network...

CVSS 6.5 | AI score 5.4 | EPSS 0.00308
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m. | 7 views

EUVD-2026-35678

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

CVSS 5 | AI score 5.4 | EPSS 0.0044
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m. | 8 views

EUVD-2026-35489

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 7
EUVD
added 2026/06/09 6:30 p.m. | 11 views

EUVD-2026-35477

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism, allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

AI score 5.6 | EPSS 0.00196
Exploits: 0 | References: 6
GithubExploit
added 2026/06/09 5:19 p.m. | 40 views

Exploit for CVE-2026-46395

CVE-2026-46395 - HAXcms Node.js Private Key Disclosure via Bro...

CVSS 9.3 | AI score 5.6 | EPSS 0.00295
Exploits: 1
NVD
added 2026/06/09 5:17 p.m. | 8 views

CVE-2026-45504

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | EPSS 0.00426
Exploits: 0 | References: 1
NVD
added 2026/06/09 5:17 p.m. | 7 views

CVE-2026-45502

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

CVSS 5 | EPSS 0.0044
Exploits: 0 | References: 1
NVD
added 2026/06/09 5:17 p.m. | 9 views

CVE-2026-45503

Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

CVSS 8.1 | EPSS 0.00454
Exploits: 0 | References: 1
NVD
added 2026/06/09 5:17 p.m. | 7 views

CVE-2026-45446

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

CVSS 4.8 | EPSS 0.0021
Exploits: 0 | References: 6
OSV
added 2026/06/09 5:17 p.m. | 4 views

ALPINE-CVE-2026-45446

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

CVSS 4.8 | AI score 5.7 | EPSS 0.0021
Exploits: 0 | References: 1
NVD
added 2026/06/09 5:17 p.m. | 9 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

CVSS 7.5 | EPSS 0.0032
Exploits: 0 | References: 6
OSV
added 2026/06/09 5:17 p.m. | 5 views

ALPINE-CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 1
CVE
added 2026/06/09 5:4 p.m. | 26 views

CVE-2026-45504

CVE-2026-45504 is an SSRF-based elevation of privilege in Microsoft Exchange Server. The entry notes an attacker who is authorized can elevate privileges over the network. CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and LOW privileges required, with NONE...

CVSS 8.8 | AI score 5.4 | EPSS 0.00426
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2026/06/09 5:4 p.m. | 29 views

CVE-2026-45503

CVE-2026-45503 is an SSRF vulnerability in Microsoft Exchange Server that could allow an authorized attacker to disclose information over a network. The provided documents cite CVSSv3.1 base metrics: 8.1 (High), with NETWORK attack vector, LOW attack complexity, Privileges Required: LOW, no user ...

CVSS 8.1 | AI score 5.4 | EPSS 0.00454
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2026/06/09 4:3 p.m. | 58 views

CVE-2026-45446

CVE-2026-45446 concerns OpenSSL implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452). The root cause is that the expected authentication tag is computed only when the decryption function processes non-empty data; if a caller provides AAD and then invokes DecryptFinal without any ciphe...

CVSS 4.8 | AI score 5.7 | EPSS 0.0021
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2026/06/09 4:3 p.m. | 33 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

EPSS 0.0021
Exploits: 0 | References: 6
Vulnrichment
added 2026/06/09 4:3 p.m. | 11 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

AI score 5.7 | EPSS 0.0021
Exploits: 0 | References: 6
AlpineLinux
added 2026/06/09 4:3 p.m. | 7 views

CVE-2026-45446

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext, allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

CVSS 4.8 | AI score 5.7 | EPSS 0.0021
Exploits: 0