CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/27 6:33 p.m.•4 views

JLSEC-2026-217 OpenSSL has internal defaults for a directory tree where it can find a configuration file as well...

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...

3.3CVSS5.3AI score0.00072EPSS

Exploits0References31

RedhatCVE•added 2026/04/01 5:0 a.m.•0 views

CVE-2026-34054

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.13...

NVD•added 2026/03/31 3:15 a.m.•4 views

CVE-2026-34054

7.8CVSS0.00055EPSS

Vulnrichment•added 2026/03/31 1:56 a.m.•2 views

CVE-2026-34054 openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

ATTACKERKB•added 2026/03/31 1:56 a.m.•1 views

CVE-2026-34054

CVE•added 2026/03/31 1:56 a.m.•56 views

Exploits0References4

CVE-2026-34054

The CVE-2026-34054 issue affects vcpkg’s Windows OpenSSL builds, where openssldir was set from the build machine. This exposed a path on customer machines that could be attackable. The vulnerability is addressed in vcpkg 3.6.1#3. Affected component: OpenSSL builds within vcpkg’s Windows workflow;...

Cvelist•added 2026/03/31 1:56 a.m.•18 views

CVE-2026-34054 openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

7.8CVSS0.00055EPSS

CNNVD•added 2026/03/31 12:0 a.m.•2 views

vcpkg 代码问题漏洞

vcpkg is an open-source C/C++ cross-platform package management tool developed by Microsoft. Versions of vcpkg prior to vcpkg 3.6.1 contained code vulnerabilities. These vulnerabilities stemmed from the Windows version of OpenSSL, where the path to openssldir was set to the path on the build...

7.8CVSS7.2AI score0.00055EPSS

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29186

Name of the Vulnerable Software and Affected Versions vcpkg versions prior to 3.6.13 Description vcpkg, a C/C++ package manager, exhibited a configuration issue in its Windows builds of OpenSSL. Specifically, the openssldir setting was configured to a path on the build machine. This configuration...

EUVD•added 2025/10/03 8:7 p.m.•1 views

Exploits0References9

EUVD-2025-14377

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00052EPSS

Cvelist•added 2025/05/13 1:13 a.m.•15 views

CVE-2025-35471 conda-forge openssl-feedstock writable OPENSSLDIR

conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...

7.3CVSS0.00052EPSS

Vulnrichment•added 2025/05/13 1:13 a.m.•10 views

CVE-2025-35471 conda-forge openssl-feedstock writable OPENSSLDIR

7.3CVSS7.2AI score0.00052EPSS

CVE•added 2025/05/13 1:13 a.m.•43 views

CVE-2025-35471

CVE-2025-35471 affects the conda-forge openssl-feedstock (pre-066e83c, 2024-05-20) on Windows. The issue arises from configuring OpenSSL to use an OPENSSLDIR path writable by non-privileged local users; an attacker can place a crafted openssl.cnf in OPENSSLDIR and trigger arbitrary code execution...

7.8CVSS7.3AI score0.00052EPSS

Exploits1References2Affected Software2

CNNVD•added 2025/05/13 12:0 a.m.•1 views

openssl-feedstock 安全漏洞

openssl-feedstock is a conda smithy repository for openssl open source by conda-forge. A security vulnerability exists in versions prior to openssl-feedstock 066e83c, which stems from an improperly configured path to the OPENSSLDIR file and could lead to the execution of arbitrary code...

7.8CVSS6.8AI score0.00052EPSS

OSV•added 2023/08/30 5:15 p.m.•2 views

CVE-2023-40596

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library DLL that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege...

8.8CVSS5.8AI score0.00055EPSS

NVD•added 2023/08/30 5:15 p.m.•13 views

CVE-2023-40596

8.8CVSS8.1AI score0.00055EPSS

Vulnrichment•added 2023/08/30 4:19 p.m.•17 views

CVE-2023-40596 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL

7CVSS7.3AI score0.00055EPSS