CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

247 matches found

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

5.2AI score0.00289EPSS

Exploits0References4

NVD•added 4 days ago•7 views

CVE-2026-12205

9.1CVSS0.00289EPSS

Exploits0References3

Cvelist•added 4 days ago•29 views

CVE-2026-12205 Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery

0.00289EPSS

Exploits0References2

CVE•added 4 days ago•10 views

CVE-2026-12205

Crypt::DSA for Perl versions before 1.21 reuse the per-signature nonce across signatures because the sign() function caches nonce data in the Key object and does not clear it. The first sign() selects a nonce and later signs reuse that nonce, producing identical r values, enabling potential priva...

9.1CVSS5.2AI score0.00289EPSS

Exploits0References3

Debian CVE•added 4 days ago•4 views

CVE-2026-12205

9.1CVSS5.3AI score0.00289EPSS

Exploits0

Positive Technologies•added 4 days ago•7 views

PT-2026-49531

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.21 Description The software reuses the nonce across signatures, which can lead to the recovery of the private key. The sign function in the Crypt::DSA::sign module caches the per-signature nonce material within t...

5.3AI score0.00289EPSS

Exploits0References5

Tenable Nessus•added 4 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-12205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce...

9.1CVSS5.5AI score0.00289EPSS

Exploits0References3

SUSE CVE•added 6 days ago•3 views

SUSE CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

6.5CVSS5.7AI score0.00332EPSS

Exploits0References9

OSV•added 2026/06/12 12:26 p.m.•6 views

OESA-2026-2651 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied...

7.5CVSS5.7AI score0.00332EPSS

Exploits0References2

Tenable Nessus•added 2026/06/10 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-45445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV ...

7.5CVSS5.8AI score0.00332EPSS

Exploits0References2

Snyk•added 2026/06/09 6:33 p.m.•3 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-OCB provider when an application uses the EVPCipher interface. The handler silently discards the IV, so every message under a given key runs with the all-zero offset state, causing nonce reuse. If...

9.1CVSS5.3AI score0.00332EPSS

Exploits0References2

EUVD•added 2026/06/09 6:30 p.m.•6 views

EUVD-2026-35489

7.5CVSS5.8AI score0.00332EPSS

Exploits0References7

OSV•added 2026/06/09 5:17 p.m.•4 views

ALPINE-CVE-2026-45445

7.5CVSS5.8AI score0.00332EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•7 views

CVE-2026-45445

7.5CVSS0.00332EPSS

Exploits0References6

CVE•added 2026/06/09 4:3 p.m.•114 views

CVE-2026-45445

CVE-2026-45445 describes a vulnerability in AES-OCB when using OpenSSL EVP_Cipher() in one-shot mode: the application-supplied IV is ignored, causing every encrypted message under the same key to use the same effective nonce. This leads to key/nonce reuse and potential confidentiality loss, and, ...

7.5CVSS5.8AI score0.00332EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/06/09 4:3 p.m.•6 views

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

5.8AI score0.00332EPSS

Exploits0References6

Cvelist•added 2026/06/09 4:3 p.m.•30 views

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

0.00332EPSS

Exploits0References6

AlpineLinux•added 2026/06/09 4:3 p.m.•28 views

CVE-2026-45445

7.5CVSS5.8AI score0.00332EPSS

Exploits0

CNNVD•added 2026/06/09 12:0 a.m.•5 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5CVSS5.4AI score0.00332EPSS

Exploits0References1

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-47842

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description When using the AES-OCB cipher with the one-shot EVP Cipher interface, the application-supplied initialisation vector IV is silently discarded. This causes every message encrypted with the sam...

7.5CVSS5.6AI score0.00666EPSS

Exploits0References93

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by