Lucene search
+L

3408 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47830

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description PKCS12 file processing fails to perform sufficient input validation for files using the Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism. This allows an attacker to...

9.1CVSS5.5AI score0.02719EPSS
Exploits0References99
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47840

Name of the Vulnerable Software and Affected Versions OpenSSL FIPS modules versions 3.0, 3.4, 3.5, 3.6, and 4.0 Description When the EVP PKEY derive set peer function is called with a DHX X9.42 peer key, the software fails to properly verify subgroup membership. Specifically, the check Y^q ≡ 1 mo...

3.7CVSS5.5AI score0.00259EPSS
Exploits0References118
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

OpenSSL 加密问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.4CVSS5.8AI score0.00196EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.48 views

OpenSSL 3.6.0 < 3.6.3 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.6.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.6.3 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...

9.1CVSS7.3AI score0.02719EPSS
Exploits0References53
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:53 p.m.7 views

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 4:53 p.m.8 views

CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 4:53 p.m.45 views

CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

5.5CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 4:53 p.m.25 views

CVE-2026-45581

CVE-2026-45581 affects fabric-chaincode-java (Hyperledger Fabric chaincode runtime). In versions 2.3.1 through 2.5.09, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server’s INFO logs include the TLS private key password in plaintext, enabling an attacker with log a...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/06/08 3:11 a.m.946 views

curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal

Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After sshconfigmatches was removed, urlmatchprotoconfig again has no SSH-specific check for CURLOPTSSHPUBLICKEYFILE or CURLOPTSSHPRIVATEKEYFILE. An...

7.7CVSS7.5AI score0.02596EPSS
Exploits2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Hyperledger Fabric Chaincode Java 日志信息泄露漏洞

Hyperledger Fabric Chaincode Java is an open-source Java-based smart contract development framework developed by the Hyperledger project. In versions 2.3.1 to 2.5.10 of Hyperledger Fabric Chaincode Java, there was a vulnerability involving log information leakage. This vulnerability occurred when...

5.5CVSS5.3AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 8:7 p.m.16 views

Malicious Package

Overview moustick is a malicious package. This package contains malicious code that fetches and eval a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ on require in moustick/index.js. The payload is designed to extract RELAYERPRIVATEKEY and JWTSECRET from the victim...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/05 8:7 p.m.11 views

Malicious Package

Overview cookie-parser-legacy is a malicious package. This package contains malicious code that uses another malicious package moustick Snyk Advisory as a dependency to fetch a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ. The payload is designed to extract...

9.8CVSS5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-46598

A flaw was found in golang.org/x/crypto/ssh/agent. An attacker could provide specially crafted inputs that, when processed, lead to the creation of an ed25519.PrivateKey by casting malformed wire bytes. This improper input handling can cause the program to panic and crash, resulting in a Denial o...

5.3CVSS5.3AI score0.00313EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.13 views

CVE-2026-45433

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

8.7CVSS5.5AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 7:16 p.m.17 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.14 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.4AI score0.00346EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:27 p.m.15 views

CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 6:27 p.m.33 views

CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS0.00295EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:27 p.m.14 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/05 6:27 p.m.32 views

CVE-2026-46395

HAX CMS Node.js backend (before 26.0.0) exposes a critical cryptographic flaw in the hmacBase64() function. It uses a hardcoded signing key of the string "0" and then appends the real key (this.privateKey + this.salt) to the output, producing tokens that reveal the private key when decoded. An un...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References1
Rows per page
Query Builder