23267 matches found
CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8721
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
EUVD-2026-30707
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8721
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...
CVE-2026-8507
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file with a >= 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or info_as_hash, a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) du...
CVE-2026-8507
CVE-2026-8507 affects Crypt::OpenSSL::PKCS12 up to version 1.94 (Perl). The vulnerability stems from a signed integer overflow in size calculations for a 1 GiB+ OCTET STRING/BIT STRING attribute in SAFEBAGs when using info() or info_as_hash(), which can trigger a heap out-of-bounds write and remo...
CVE-2026-8507
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file with a >= 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or info_as_hash, a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) du...
EUVD-2026-30708
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file with a >= 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or info_as_hash, a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) du...
CVE-2026-8507 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file with a >= 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or info_as_hash, a heap out-of-bounds write would be triggered with remote-code-execution potential (RCE) du...
Crypt::OpenSSL::PKCS12 Security Vulnerability
Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides functionality for calling the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained security vulnerabilities. These vulnerabilities...
Crypt::OpenSSL::PKCS12 Buffer Error Vulnerability
Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides interface calls to the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained a buffer error vulnerability. This vulnerability arises wh...
Linux Distros Unpatched Vulnerability : CVE-2026-8507
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file with a >= 1 GiB OCTET STRING or BIT STRING...
curl: SSL session-cache peer key omits signature_algorithms: strict-sigalg handle silently resumes a permissive sibling's session
CURLOPT_SSL_SIGNATURE_ALGORITHMS policy bypass: SSL session cache key omits sigalgs, allowing a strict-sigalg handle to resume a session negotiated under a permissive policy. AI disclosure: This report was prepared with the assistance of an AI coding assistant (Claude). The behavioral diff pre/post patc...
SUSE CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
SUSE CVE-2026-44699
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...
Linux Distros Unpatched Vulnerability : CVE-2026-44699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an...
Amazon Linux 2023 : aws-cfn-bootstrap (ALAS2023-2026-1662)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1662 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks...
CVE-2026-44699
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...
CVE-2026-44699
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...
EUVD-2026-30560
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...