CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/04/03 11:26 p.m.•4 views

SUSE CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

SUSE CVE•added 2026/04/03 11:24 p.m.•3 views

Exploits0References8

SUSE CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

6.7CVSS5.8AI score0.00192EPSS

Tenable Nessus•added 2026/04/03 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG. CVE-2026-25835 Note that Nessus relies on the presen...

Tenable Nessus•added 2026/04/03 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. CVE-2026-34875 Note...

9.8CVSS6AI score0.00366EPSS

RedhatCVE•added 2026/04/02 5:58 a.m.•3 views

CVE-2026-34875

A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability, a buffer overflow, occurs during the export of public keys for FFDH Finite Field Diffie-Hellman keys. A remote attacker could exploit this to potentially execute arbitrary code, gaining full control over the affected system, or...

9.8CVSS6.2AI score0.00366EPSS

Exploits0References5

RedhatCVE•added 2026/04/02 5:58 a.m.•4 views

CVE-2025-66442

A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability is a compiler-induced timing side channel that occurs when the LLVM compiler's select-optimize feature is enabled. A remote attacker could potentially exploit this timing difference during RSA and CBC/ECB decryption operations to...

5.9CVSS5.8AI score0.0027EPSS

Exploits0References7

RedhatCVE•added 2026/04/02 5:58 a.m.•3 views

CVE-2026-34872

A flaw was found in Mbed TLS and TF-PSA-Crypto. This vulnerability, stemming from improper input validation in the finite-field Diffie-Hellman FFDH key exchange, allows a remote attacker to force the shared secret into a small, predictable set of values. This lack of contributory behavior can...

9.1CVSS5.9AI score0.00204EPSS

Exploits0References5

UbuntuCve•added 2026/04/01 8:16 p.m.•3 views

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.9AI score0.0027EPSS

Exploits0References5

OSV•added 2026/04/01 7:16 p.m.•2 views

DEBIAN-CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

6.7CVSS4.4AI score0.00192EPSS

Exploits0References1

NVD•added 2026/04/01 7:16 p.m.•2 views

CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

7.7CVSS0.0017EPSS

OSV•added 2026/04/01 7:16 p.m.•2 views

DEBIAN-CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

7.7CVSS5.2AI score0.0017EPSS

Exploits0References1

OSV•added 2026/04/01 7:16 p.m.•5 views

UBUNTU-CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

OSV•added 2026/04/01 7:16 p.m.•1 views

UBUNTU-CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

6.7CVSS5.8AI score0.00192EPSS

Cvelist•added 2026/04/01 12:0 a.m.•19 views

CVE-2026-34875

An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys...

0.00366EPSS

Cvelist•added 2026/04/01 12:0 a.m.•20 views

CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

0.00192EPSS

Cvelist•added 2026/04/01 12:0 a.m.•17 views

CVE-2025-66442

0.0027EPSS

Exploits0References4

CNNVD•added 2026/04/01 12:0 a.m.•5 views

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Versions of Mbed TLS prior to 3.6.6 and TF-PSA-Crypto prior to 1.1.0 contained security vulnerabilities, which were caused by improper use of seeds in the pseudo-random number generators...