CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23284 matches found

RedhatCVE•added 2026/01/27 3:51 p.m.•6 views

CVE-2025-15469

A flaw was found in openssl. When a user signs or verifies files larger than 16MB using the openssl dgst command with one-shot algorithms, the tool silently truncates the input to 16MB. This creates an integrity gap, allowing trailing data beyond the initial 16MB to be modified without detection...

5.5CVSS5.8AI score0.00176EPSS

Exploits1References3

RedhatCVE•added 2026/01/27 3:51 p.m.•4 views

CVE-2025-15468

A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC Quick UDP Internet Connections protocol. This vulnerability, occurring when the SSLCIPHERfind...

5.9CVSS5.7AI score0.00748EPSS

Exploits1References3

RedhatCVE•added 2026/01/27 3:46 p.m.•5 views

CVE-2025-69419

A flaw was found in OpenSSL. When processing a specially crafted PKCS12 Personal Information Exchange Syntax Standard file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSLuni2utf8 function, leads to memory corruption by writing data...

7.4CVSS5.9AI score0.00444EPSS

Exploits1References3

RedhatCVE•added 2026/01/27 3:46 p.m.•4 views

CVE-2025-11187

A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service DoS by crashing the application, and in some cases, may enable arbitrary code execution...

6.1CVSS6.2AI score0.00515EPSS

Exploits1References3

RedhatCVE•added 2026/01/27 3:5 p.m.•5 views

CVE-2025-15467

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

9.8CVSS6.2AI score0.45854EPSS

Exploits7References3

RedHat Linux•added 2026/01/27 2:2 p.m.•2 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6AI score0.01744EPSS

Exploits0References4

RedHat Linux•added 2026/01/27 2:2 p.m.•4 views

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.6AI score0.01744EPSS

Exploits0References2

Tenable Nessus•added 2026/01/27 12:0 a.m.•2 views

RHEL 9 : openssl (RHSA-2026:1349)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1349 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

7.5CVSS6.8AI score0.01744EPSS

Exploits0References5

Tenable Nessus•added 2026/01/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-66199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the...

5.9CVSS6.4AI score0.00403EPSS

Exploits1References2

Tenable Nessus•added 2026/01/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first...

5.3CVSS6.5AI score0.00502EPSS

Exploits1References3

Tenable Nessus•added 2026/01/27 12:0 a.m.•4 views

OpenSSL 1.1.1 < 1.1.1ze Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1ze. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1ze advisory. - Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact...

7.5CVSS7.1AI score0.00844EPSS

Exploits1References16

CNNVD•added 2026/01/27 12:0 a.m.•5 views

OpenSSL security vulnerabilities

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5CVSS7.1AI score0.00844EPSS

Exploits1References6

UbuntuCve•added 2026/01/27 12:0 a.m.•2 views

CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

5.5CVSS7AI score0.00176EPSS

Exploits1References2

CNNVD•added 2026/01/27 12:0 a.m.•4 views

OpenSSL security vulnerabilities

5.9CVSS6.3AI score0.00403EPSS

Exploits1References5

CNNVD•added 2026/01/27 12:0 a.m.•5 views

OpenSSL security vulnerabilities

5.5CVSS5.8AI score0.00176EPSS

Exploits1References3

CNNVD•added 2026/01/27 12:0 a.m.•4 views

OpenSSL security vulnerabilities