266 matches found
CVE-2026-9076
CVE-2026-9076 describes a heap out-of-bounds read in the OpenSSL CMS password-based decryption flow (RFC 3211 PWRI key unwrap). When processing attacker-supplied CMS data, using a stream-mode KEK cipher chosen via the PWRI keyEncryptionAlgorithm, the check-byte guard can be bypassed, causing a bu...
UBUNTU-CVE-2026-42766
Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...
PT-2026-47836
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur during the decryption of password-encrypted Cryptographic Message Syntax CMS messages. The issue arises because the OpenSSL CMS implementation dereference...
PT-2026-47830
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism. This allows an attacker to...
CVE-2026-45749
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /users/totp/disable and POST /users/totp/backup-codes endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical...
CVE-2026-45327
TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the issue by requiring either HTTP Basic auth or a ?password= query parameter, comparing the supplied...
PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...
CVE-2026-45749 Termix's TOTP two-factor authentication can be disabled or bypassed using only the account password
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /users/totp/disable and POST /users/totp/backup-codes endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical...
PT-2026-47021
Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The endpoints "/users/totp/disable" and "/users/totp/backup-codes" allow MFA-critical...
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...
Nextcloud Server 授权问题漏洞
NextCloud Server is an open-source NextCloud server program. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 had authorization-related vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing attackers who know the user’s password to...
GHSA-CQH3-JG8P-336J Yamcs Vulnerable to LDAP Injection in LdapAuthModule
Summary An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Root Cause File:...
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...
Astra Linux – Vulnerability in erlang-jose
In versions 1.11.6 and earlier of erlang-jose also known as JOSE for Erlang and Elixir, attackers can exploit this vulnerability to cause a denial of service attack, resulting in high CPU usage. This vulnerability stems from a large p2c value in the JOSE header...
openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...
JLSEC-2026-255 Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a...
Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...
JLSEC-2026-266
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
CVE-2026-40582
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication...
NewStart CGSL MAIN 7.02 : tongsuo Vulnerability (NS-SA-2026-0039)
The remote NewStart CGSL host, running version MAIN 7.02, has tongsuo packages installed that are affected by a vulnerability: - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This...
NewStart CGSL MAIN 7.02 : openssl Vulnerability (NS-SA-2026-0038)
The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by a vulnerability: - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This...