Lucene search
K

1057 matches found

OSV
OSV
added 2026/04/09 11:17 p.m.9 views

DEBIAN-CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

5.3CVSS5.3AI score0.00111EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 11:17 p.m.7 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 11:17 p.m.10 views

UBUNTU-CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 10:33 p.m.7 views

CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/09 10:33 p.m.5 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.3AI score0.00111EPSS
Exploits0
CVE
CVE
added 2026/04/09 10:33 p.m.25 views

CVE-2026-5504

CVE-2026-5504 affects wolfSSL’s PKCS7 CBC decryption. A padding oracle could enable plaintext recovery via repeated decryption queries with modified ciphertext; earlier wolfSSL versions did not validate interior padding bytes. The Connected documents confirm this is a padding oracle vulnerability...

6.3CVSS5.9AI score0.00111EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/04/09 10:33 p.m.5 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.3AI score0.00111EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/09 10:33 p.m.21 views

CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 9:31 p.m.4 views

EUVD-2026-21012

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

5.8AI score0.03494EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.5 views

Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References11Affected Software2
OSV
OSV
added 2026/04/09 9:31 p.m.10 views

GHSA-H468-7PVH-8VR8 Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

8.7CVSS5.8AI score0.03494EPSS
Exploits1References11
OSV
OSV
added 2026/04/09 8:16 p.m.2 views

DEBIAN-CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.6AI score0.03494EPSS
Exploits1References1
NVD
NVD
added 2026/04/09 8:16 p.m.6 views

CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS0.03494EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.3 views

CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References3
OSV
OSV
added 2026/04/09 8:16 p.m.6 views

UBUNTU-CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/09 7:21 p.m.26 views

CVE-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

0.03494EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/09 7:21 p.m.4 views

CVE-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

5.8AI score0.03494EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:21 p.m.4 views

CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

5.8AI score0.03494EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/09 7:21 p.m.6 views

CVE-2026-29146

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

7.5CVSS5.6AI score0.03494EPSS
Exploits1
CVE
CVE
added 2026/04/09 7:21 p.m.112 views

CVE-2026-29146

Summary of CVE-2026-29146 : The Padding Oracle flaw in Apache Tomcat’s EncryptInterceptor affects multiple Tomcat lines: 11.0.0-M1..11.0.18, 10.0.0-M1..10.1.52, 9.0.13..9.0.115, 8.5.38..8.5.100, and 7.0.100..7.0.109. Root cause: during a fix, EncryptInterceptor.messageReceived() was refactored so...

7.5CVSS5.8AI score0.03494EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder