Lucene search

22 matches found

OSV
added 2026/04/07 12:0 a.m. · 1 views

UBUNTU-CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

CVSS 8.1 · AI score 6.2 · EPSS 0.00047
Exploits 0 · References 5
OSV
added 2025/10/15 7:23 p.m. · 5 views

CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

CVSS 6.9 · AI score 6.6 · EPSS 0.00045
Exploits 0 · References 4
Cvelist
added 2025/10/15 7:23 p.m. · 8 views

CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

CVSS 6.9 · EPSS 0.00045
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2000-0674

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.0045
Exploits 0 · References 4
RedhatCVE
added 2025/08/16 5:29 a.m. · 4 views

CVE-2025-0309

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to...

CVSS 6 · AI score 6.9 · EPSS 0.00056
Exploits 1 · References 1
Vulnrichment
added 2025/08/14 4:35 a.m. · 2 views

CVE-2025-0309 Netskope Client Local Elevation of Privileges

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to...

CVSS 6 · AI score 6.9 · EPSS 0.00056
Exploits 1 · References 2
Veracode
added 2025/06/18 4:51 a.m. · 3 views

Improper Authentication

salt is vulnerable to Improper Authentication. The vulnerability is due to improper validation logic in the salt.auth.pki module, which treats the presence of a valid public certificate as sufficient for authentication without requiring the corresponding private key, allows an attacker to bypass...

CVSS 6.4 · AI score 6.6 · EPSS 0.00123
Exploits 0 · References 6 · Affected Software 1
SUSE CVE
added 2025/06/14 3:4 a.m. · 2 views

SUSE CVE-2024-38825

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · AI score 7 · EPSS 0.00123
Exploits 0 · References 23
RedhatCVE
added 2025/06/13 5:34 p.m. · 4 views

CVE-2024-38825

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · AI score 6.3 · EPSS 0.00123
Exploits 0 · References 2
OSV
added 2025/06/13 9:30 a.m. · 3 views

GHSA-4J59-VV55-Q6H3 Salt's salt.auth.pki module does not properly authenticate callers

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · AI score 7.3 · EPSS 0.00123
Exploits 0 · References 6
Github Security Blog
added 2025/06/13 9:30 a.m. · 7 views

Salt's salt.auth.pki module does not properly authenticate callers

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · AI score 6.5 · EPSS 0.00123
Exploits 0 · References 6 · Affected Software 1
Snyk
added 2025/06/13 7:43 a.m. · 1 views

Improper Certificate Validation

Overview salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

CVSS 6.4 · AI score 7.3 · EPSS 0.00123
Exploits 0 · References 2
NVD
added 2025/06/13 7:15 a.m. · 10 views

CVE-2024-38825

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · EPSS 0.00123
Exploits 0 · References 2
AlpineLinux
added 2025/06/13 7:15 a.m. · 2 views

CVE-2024-38825

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · AI score 7.4 · EPSS 0.00123
Exploits 0 · References 2
OSV
added 2025/06/13 7:15 a.m. · 0 views

UBUNTU-CVE-2024-38825

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · AI score 5.8 · EPSS 0.00123
Exploits 0 · References 4
Vulnrichment
added 2025/06/13 6:46 a.m. · 2 views

CVE-2024-38825 CVE-2024-38825 Salt Advisory

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

CVSS 6.4 · AI score 7.3 · EPSS 0.00123
Exploits 0 · References 2
CNNVD
added 2021/08/18 12:0 a.m. · 4 views

Nextcloud Desktop Client Trust Management Issue Vulnerability

Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in versions of the Nextcloud Desktop Client prior to...

CVSS 6.5 · AI score 6.4 · EPSS 0.00209
Exploits 1 · References 6
Positive Technologies
added 2021/08/18 12:0 a.m. · 3 views

PT-2021-6528 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.3.0 Description: The issue is related to the end-to-end encryption feature of the Nextcloud Desktop Client, where the client fails to check if a private key belongs to a previously downloaded publi...

CVSS 8.8 · AI score 5.9 · EPSS 0.02214
Exploits 10 · References 45
Cisco
added 2020/07/31 4:0 p.m. · 20 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Trustpoint Configuration Defaults

Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software can be configured for certificate authentication in remote access VPN deployments. An external researcher has identified several misconfigured Cisco ASA and FTD Software remote access devices where the...

AI score 2.4
Exploits 0 · References 1
NVD
added 2000/10/20 4:0 a.m. · 14 views

CVE-2000-0678

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate...

CVSS 5 · AI score 6.2 · EPSS 0.0045
Exploits 0 · References 3