CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

Veracode•added 2026/04/15 11:29 a.m.•5 views

Missing Cryptographic Step

jsrsasign is vulnerable to Missing Cryptographic Step. The vulnerability is due to improper handling of invalid DSA signature values without retry logic, which allows an attacker to recover the private key by forcing signature parameters to predictable values...

9.4CVSS5.7AI score0.00024EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2026/03/23 5:0 a.m.•1 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4CVSS5.8AI score0.00024EPSS

Exploits1References5

OSV•added 2026/03/19 9:17 p.m.•2 views

DEBIAN-CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.7CVSS5.3AI score0.00076EPSS

Exploits0References1

Vulnrichment•added 2026/03/02 4:53 p.m.•2 views

CVE-2025-47383 Missing Cryptographic Step in Data Modem

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE...

7.2CVSS5.9AI score0.00019EPSS

Exploits0References1

CVE•added 2026/03/02 4:53 p.m.•11 views

CVE-2025-47383

CVE-2025-47383 describes a weak configuration that may cause a cryptographic issue when a VoWiFi call is triggered from UE. Connected records repeat the description and list a CVSS v3.1 base score of 7.2 (HIGH) with NETWORK attack vector, low attack complexity, and high impact on confidentiality,...

7.2CVSS5.9AI score0.00019EPSS

Exploits0References1Affected Software1

Snyk•added 2026/02/16 5:2 a.m.•1 views

Missing Cryptographic Step

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be...

9.4CVSS5.8AI score0.00024EPSS

Exploits1References2

Snyk•added 2026/02/16 5:2 a.m.•3 views

Missing Cryptographic Step

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by...

9.4CVSS5.9AI score0.00024EPSS

Exploits1References2

Snyk•added 2026/01/27 4:49 p.m.•2 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step that exposes the final 1-15 bytes of a message when the low-level OCB API is used directly with AES-NI or other hardware accelerated code paths. Common implementations of openssl using EVP are not vulnerable...

6.3CVSS5.9AI score0.00009EPSS

Exploits1References2

RedhatCVE•added 2025/11/12 6:1 p.m.•1 views

CVE-2025-60704

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS5.5AI score0.00045EPSS

Exploits0References1

OSV•added 2025/11/11 6:15 p.m.•0 views

CVE-2025-60704

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS5.8AI score0.00045EPSS

Exploits0References1

NVD•added 2025/11/11 6:15 p.m.•1 views

CVE-2025-60704

Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS0.00045EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:35 p.m.•2 views

CVE-2020-9158

There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr...

7.5CVSS6.9AI score0.00182EPSS

Exploits0References1

OSV•added 2025/05/22 1:15 p.m.•1 views

CVE-2025-3938

Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before...

9.8CVSS5.8AI score

Exploits0References2

CVE•added 2025/05/22 12:32 p.m.•46 views

CVE-2025-3938

CVE-2025-3938 describes a Missing Cryptographic Step vulnerability in Tridium Niagara Framework and Niagara Enterprise Security across Windows, Linux and QNX. Affected versions are Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before ...

9.8CVSS6.6AI score0.00173EPSS

Exploits0References2Affected Software2

Snyk•added 2023/10/24 3:0 p.m.•15 views

Missing Cryptographic Step

Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Missing Cryptographic Step when the EVPEncryptInitex2, EVPDecryptInitex2 or EVPCipherInitex2 functions are used. An attacker can cause truncation or overreading of key and...

7.5CVSS6.9AI score0.06469EPSS

Exploits0References2

Vulnrichment•added 2023/07/05 6:5 p.m.•8 views

CVE-2023-34471 Missing Cryptographic Step

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code HMAC. A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication...

6.3CVSS7.2AI score0.00083EPSS

Exploits0References1