Lucene search
K

85 matches found

Cvelist
Cvelist
added yesterday24 views

CVE-2026-53763 OP-TEE has AES-GCM 32-bit integer overflow in length counters that breaks authentication guarantee

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS0.00026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

2.5CVSS6AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday5 views

CVE-2026-41514

OP-TEE affects Cortex-A TrustZone, with RSA-OAEP decryption in the Hisilicon HPRE driver vulnerable from v4.5.0 up to v4.11.0 due to non-constant-time memcmp() in label hash verification and multiple distinct error paths. This creates a padding oracle allowing plaintext recovery on ~1,000–2,000 a...

2.5CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-41514 OP-TEE: RSA-OAEP padding oracle in Hisilicon HPRE driver enables plaintext recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:16 p.m.6 views

UBUNTU-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.9 views

PT-2026-50779

Name of the Vulnerable Software and Affected Versions Coturn versions prior to 4.11.0 Description A stored cross-site scripting XSS issue exists in the web-admin HTTPS interface. An attacker can inject HTML or JavaScript by creating a TURN allocation with a crafted USERNAME value. This script...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2026/06/03 5:55 p.m.6 views

CVE-2026-45702 OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

4.4CVSS5.8AI score0.00155EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/03 5:53 p.m.40 views

CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS0.00096EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 5:53 p.m.11 views

EUVD-2026-34159

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References5
OSV
OSV
added 2026/04/24 3:16 a.m.3 views

DEBIAN-CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.6AI score0.00183EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:20 a.m.10 views

CVE-2026-33317

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entrygetattributevalue in ta/pkcs11/src/object.c can lead to out-of-bounds read from...

8.7CVSS5.9AI score0.00183EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.15 views

PT-2026-34837

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in entry get attribute value in ta/pkcs11/src/object.c can lead to out-of-bounds read...

8.7CVSS5.9AI score0.00183EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

GL-iNet GL-AR300M16 安全漏洞

GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The version GL-iNet GL-AR300M16 v4.3.11 contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the addgroup function, which may allow for the execution of arbitrary S...

8.8CVSS6.1AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2026/03/10 6:17 p.m.4 views

CVE-2025-27769

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...

2.6CVSS0.00141EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/27 9:33 p.m.7 views

ZITADEL has potential SSRF via Actions

Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.3 views

CVE-2026-24473

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment...

6.3CVSS5.9AI score0.00419EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 4:10 p.m.4 views

EUVD-2026-4752

Hono vulnerable to XSS through ErrorBoundary component...

4.7CVSS5.8AI score0.00298EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/27 7:41 p.m.20 views

CVE-2026-24771 Hono has a Cross-site Scripting vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

4.7CVSS0.00298EPSS
Exploits0References2
Rows per page
Query Builder