225 matches found

RedhatCVE
added 3 days ago, 5 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

CVSS 8.2 | AI score 5.4 | EPSS 0.00005
Exploits 0 | References 1
NVD
added 4 days ago, 8 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

CVSS 8.2 | EPSS 0.00005
Exploits 0 | References 1
EUVD
added 4 days ago, 6 views

EUVD-2026-35382

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

CVSS 8.2 | AI score 5.4 | EPSS 0.00005
Exploits 0 | References 1
Vulnrichment
added 4 days ago, 5 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

CVSS 8.2 | AI score 5.4 | EPSS 0.00005
Exploits 0 | References 1
CVE
added 4 days ago, 10 views

CVE-2026-24349

The CVE-2026-24349 entry affects SIMATIC WinCC Unified PC Runtime V16–V21 (all versions up to but not including V21 Update 2). The root cause is insufficient protection of key material in WinCC Certificate Manager, which could allow an attacker to extract sensitive information. All connected sour...

CVSS 8.2 | AI score 5.4 | EPSS 0.00005
Exploits 0 | References 1
Cvelist
added 4 days ago, 30 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

CVSS 8.2 | EPSS 0.00005
Exploits 0 | References 1
Positive Technologies
added 4 days ago, 5 views

PT-2026-47730

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

CVSS 8.2 | AI score 5.4 | EPSS 0.00005
Exploits 0 | References 2
OSV
added 5 days ago, 2 views

UBUNTU-CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfree_sensitive to free auth session in tpm_dev_release. tpm_dev_release uses plain kfree to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

AI score 5.4 | EPSS 0.00018
Exploits 0 | References 7
Positive Technologies
added 2026/06/05 12:00 a.m., 9 views

PT-2026-47036

Name of the Vulnerable Software and Affected Versions: Altium Enterprise Server, affected versions not specified. Description: The Vault service uses a hard-coded cryptographic key to sign file download URLs. Since this key is identical across all installations, an unauthenticated network attacker ca...

CVSS 10 | AI score 5.5 | EPSS 0.00092
Exploits 0 | References 3
Cvelist
added 2026/06/04 5:22 p.m., 26 views

CVE-2026-41207 netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

The netty incubator codec.bhttp is a Java language binary HTTP parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

CVSS 6.9 | EPSS 0.0004
Exploits 0 | References 2
Cvelist
added 2026/05/29 6:28 p.m., 27 views

CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

CVSS 2 | EPSS 0.00007
Exploits 0 | References 2
EUVD
added 2026/05/29 6:28 p.m., 13 views

EUVD-2026-33417

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

CVSS 2 | AI score 5.9 | EPSS 0.00007
Exploits 0 | References 1
OSV
added 2026/05/26 11:08 p.m., 4 views

GHSA-F659-372H-6X3X netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDF_expand: returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVP_HPKE_CTX_export fails it also returns an empty byte...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 4
Snyk
added 2026/05/26 11:08 p.m., 3 views

Insecure Randomness

Overview: Affected versions of this package are vulnerable to Insecure Randomness due to the HKDF_expand and EVP_HPKE_CTX_export functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

CVSS 6.9 | AI score 5.5 | EPSS 0.0004
Exploits 0 | References 2
OSV
added 2026/05/20 12:57 p.m., 3 views

MAL-2026-4220 Malicious code in web3-secrets-detector (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

AI score 5.9
Exploits 0 | References 17
SUSE CVE
added 2026/05/13 3:35 a.m., 5 views

SUSE CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN. When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existin...

CVSS 9.8 | AI score 5.8 | EPSS 0.00078
Exploits 0 | References 3
UbuntuCve
added 2026/05/08 2:16 p.m., 5 views

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN. When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existin...

CVSS 9.8 | AI score 5.8 | EPSS 0.00078
Exploits 0 | References 9
OSV
added 2026/05/08 2:16 p.m., 5 views

UBUNTU-CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN. When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existin...

CVSS 9.8 | AI score 5.8 | EPSS 0.00078
Exploits 0 | References 10
ATTACKERKB
added 2026/05/08 1:11 p.m., 6 views

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN. When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existin...

AI score 5.8 | EPSS 0.00078
Exploits 0 | References 8 | Affected Software 1
CVE
added 2026/05/08 1:11 p.m., 15 views

CVE-2026-43304

CVE-2026-43304 affects the Linux kernel libceph component. The flaw arises when decoding key material in process_auth_done(), where the code failed to enforce an upper bound on key length. The fix defines and enforces CEPH_MAX_KEY_LEN and clamps key material to a fixed-size buffer, addressing a v...

CVSS 9.8 | AI score 5.8 | EPSS 0.00078
Exploits 0 | References 7 | Affected Software 1