CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

92 matches found

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS

Exploits0References1

CVE•added 2 days ago•6 views

CVE-2026-6458

CVE-2026-6458 involves the Caliptra Core Firmware (aes_256_gcm_update module) where a missing cryptographic step in the streaming AES-256-GCM API with empty AAD leads to the hardware GHASH accumulator state not being saved after the first update. As a result, the final GCM authentication tag does...

5.1CVSS5.8AI score0.00128EPSS

Exploits0References1

Cvelist•added 2 days ago•18 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

5.1CVSS0.00128EPSS

Exploits0References1

SUSE CVE•added 2026/06/13 2:17 a.m.•7 views

SUSE CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.3CVSS5.7AI score0.0021EPSS

Exploits0References10

Tenable Nessus•added 2026/06/10 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-45446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty...

4.8CVSS5.8AI score0.0021EPSS

Exploits0References3

vulnersOsv•added 2026/06/08 5:52 p.m.•5 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41479 via authlib (>=0.10.0 <=1.6.1)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

5.5AI score0.00155EPSS

Exploits0

Tenable Nessus•added 2026/05/19 12:0 a.m.•14 views

RHEL 9 : kernel (RHSA-2026:19225)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19225 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Servi...

8.8CVSS7.2AI score0.96775EPSS

Exploits254References10

AlmaLinux•added 2026/05/19 12:0 a.m.•12 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD CVE-2026-23060 kernel: crypto: algifaead - Revert to operating out-of-place CVE-2026-31431 kernel: crypto: afalg - limit...

8.8CVSS7.2AI score0.96775EPSS

Exploits254References10

vulnersOsv•added 2026/05/13 1:36 a.m.•7 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +171 more potentially affected by CVE-2026-44681 via authlib (>=1.0.0 <=1.6.11)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-44681 Source advisory:...

6.1CVSS5.4AI score0.00203EPSS

Exploits1

vulnersOsv•added 2026/05/13 1:36 a.m.•5 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +235 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

6.1CVSS5.4AI score0.00203EPSS

Exploits1

Tenable Nessus•added 2026/05/07 12:0 a.m.•17 views

CentOS 9 : kernel-5.14.0-701.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-701.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - limit RX SG extraction by receive buffer budget Mak...

9.8CVSS6.2AI score0.96775EPSS

Exploits228References6

Tenable Nessus•added 2026/05/06 12:0 a.m.•9 views

Oracle Linux 10 : kernel (ELSA-2026-13566)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13566 advisory. - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption Vladislav Dronov RHEL-172211 CVE-2026-31431 - crypto: authencesn ...

9.8CVSS6.5AI score0.96775EPSS

Exploits228References5

GithubExploit•added 2026/05/05 1:52 p.m.•72 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail Toolset This repository contains t...

7.8CVSS7.3AI score0.96775EPSS

Exploits228

vulnersOsv•added 2026/04/24 8:16 p.m.•10 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +233 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

5.4CVSS5.3AI score0.00106EPSS

Exploits1

vulnersOsv•added 2026/04/16 10:38 p.m.•5 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +168 more potentially affected by CVE-2026-41425 via authlib (>=1.0.0 <=1.6.10)

5.4CVSS5.3AI score0.00106EPSS

Exploits1

vulnersOsv•added 2026/04/16 10:38 p.m.•11 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +233 more potentially affected by CVE-2026-41425 via authlib (>=0.10.0 <=1.6.10)

5.4CVSS5.3AI score0.00106EPSS

Exploits1

vulnersOsv•added 2026/03/16 8:53 p.m.•4 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +225 more potentially affected by CVE-2026-28498 via authlib (>=1.0.0 <=1.6.8)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-28498 Source advisory:...

8.2CVSS7.7AI score0.00201EPSS

Exploits1

vulnersOsv•added 2026/03/16 4:15 p.m.•3 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +283 more potentially affected by CVE-2026-28498 via authlib (>=0.10.0 <=1.6.8)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.5.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2026-28498 Source advisory: OSV:GHSA-M344-F55W-2M6J...

8.2CVSS7.7AI score0.00201EPSS

Exploits1

vulnersOsv•added 2026/03/16 3:17 p.m.•2 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +283 more potentially affected by CVE-2026-28490 via authlib (>=0.10.0 <=1.6.8)

8.3CVSS5.4AI score0.00142EPSS

Exploits1

vulnersOsv•added 2026/03/16 3:17 p.m.•4 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +283 more potentially affected by CVE-2026-27962 via authlib (>=0.10.0 <=1.6.8)

9.1CVSS7.7AI score0.0041EPSS

Exploits1

Rows per page