Lucene search
K

3401 matches found

Cvelist
Cvelist
added 2026/07/01 2:7 p.m.36 views

CVE-2026-5142 Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS0.00253EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 2:7 p.m.9 views

EUVD-2026-41002

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:5 a.m.2 views

CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.9AI score0.00152EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 4:7 p.m.26 views

CVE-2026-13750

Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 10:12 p.m.11 views

EUVD-2026-31402

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/25 10:12 p.m.8 views

golang.org/x/crypto: Invoking pathological inputs can lead to client panic

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS6AI score0.00313EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 7:59 p.m.9 views

CVE-2026-10097

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 2:0 p.m.5 views

UBUNTU-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6AI score0.00368EPSS
Exploits1References3
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.32 views

incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS5.8AI score0.00368EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51751

Name of the Vulnerable Software and Affected Versions curl versions 7.7 through 8.20.x Description libcurl incorrectly reuses connections from its connection pool when certain mTLS mutual TLS configuration options, specifically those related to the private key, are modified. Because these TLS...

7.5CVSS6.1AI score0.00368EPSS
Exploits1References45
RedhatCVE
RedhatCVE
added 2026/06/22 2:7 p.m.12 views

CVE-2026-12205

A flaw was found in Crypt::DSA, a Perl module for Digital Signature Algorithm DSA cryptography. This vulnerability occurs because the software reuses a unique random number, known as a nonce, for multiple digital signatures generated with the same cryptographic key. An attacker could exploit this...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Mbed TLS before versions 2.28.2 and 3.x, prior to 3.3.0. An adversary with access to sufficiently precise information about memory accesses typically, an untrusted operating system attacking a secure environment can retrieve an RSA private key by observing the...

5.3CVSS6.1AI score0.00787EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:1 a.m.12 views

Malicious code in nodepathbalance54 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762 nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...

6AI score
Exploits0References2
EUVD
EUVD
added 2026/06/16 12:34 a.m.12 views

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

5.2AI score0.00289EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 11:16 p.m.13 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 9:57 p.m.53 views

CVE-2026-12205 Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

0.00289EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 9:57 p.m.22 views

CVE-2026-12205

Crypt::DSA for Perl versions before 1.21 reuse the per-signature nonce across signatures because the sign() function caches nonce data in the Key object and does not clear it. The first sign() selects a nonce and later signs reuse that nonce, producing identical r values, enabling potential priva...

9.1CVSS5.2AI score0.00289EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/15 9:57 p.m.11 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS5.3AI score0.00289EPSS
Exploits0
OSV
OSV
added 2026/06/15 9:57 p.m.1 views

CVE-2026-12205 Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS5.9AI score0.00289EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.34 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

0.00171EPSS
Exploits0References1
Rows per page
Query Builder