CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/14 8:30 p.m.•6 views

Use of Password Hash With Insufficient Computational Effort

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

6CVSS5.8AI score0.00105EPSS

Exploits0References6

OSV•added 2026/05/14 8:30 p.m.•5 views

GHSA-G29V-Q6H7-76WH electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

6CVSS5.8AI score0.00105EPSS

Exploits0References5

Github Security Blog•added 2026/05/14 8:30 p.m.•7 views

electerm's encrypt method not safe enough

9.1CVSS5.8AI score0.00105EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/14 12:0 a.m.•8 views

PT-2026-41204

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.9.5 Description Insecure sync encryption occurs due to the use of deterministic AES-192-CBC with a fixed zero IV Initialization Vector, a constant KDF Key Derivation Function salt, and the absence of a MAC Message...

9.1CVSS5.8AI score0.00105EPSS

Exploits0References8

OSV•added 2026/05/06 6:19 p.m.•2 views

OPENSUSE-SU-2026:20695-1 Security update for libtpms

This update for libtpms fixes the following issues: - CVE-2025-49133: Fixed potential out of bounds OOB read vulnerability bsc1244528. - CVE-2026-21444: Fixed remote data confidentiality compromise via incorrect Initialization Vector IV handling bsc1260439...

5.9CVSS7.1AI score0.00132EPSS

Exploits1References4

OSV•added 2026/05/06 6:18 p.m.•3 views

SUSE-SU-2026:21581-1 Security update for libtpms

5.9CVSS7.1AI score0.00132EPSS

Exploits1References5

OSV•added 2026/05/06 6:18 p.m.•5 views

SUSE-SU-2026:21571-1 Security update for libtpms

5.9CVSS7.1AI score0.00132EPSS

Exploits1References5

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the required initialization vector for encryption was always the same,...

7.5CVSS7.7AI score0.00782EPSS

EUVD•added 2026/04/21 3:32 p.m.•2 views

EUVD-2025-209539

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

NVD•added 2026/04/21 3:16 p.m.•4 views

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS0.00127EPSS

Cvelist•added 2026/04/21 2:10 p.m.•29 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS0.00127EPSS

CVE•added 2026/04/21 2:10 p.m.•7 views

CVE-2025-1241

CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...

Exploits0References1Affected Software2

Vulnrichment•added 2026/04/21 2:10 p.m.•2 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

ATTACKERKB•added 2026/04/21 2:10 p.m.•2 views

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

Redos•added 2026/04/20 12:0 a.m.•5 views

ROS-20260420-73-0018

A vulnerability in the CMS message handler of the OpenSSL cryptographic library is related to writing outside buffer boundaries when processing an initialization vector. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending specially crafted packets...

8.8CVSS7.5AI score0.48666EPSS

Exploits7

Snyk•added 2026/04/15 10:16 a.m.•5 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3CVSS5.7AI score0.00115EPSS

EUVD•added 2026/04/09 9:31 p.m.•3 views

EUVD-2026-21180

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

6CVSS5.9AI score0.00239EPSS

Vulnrichment•added 2026/04/09 9:2 p.m.•1 views

CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse

6CVSS5.8AI score0.00239EPSS