Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

NVD
NVDadded 2026/06/09 5:17 p.m.7 views

CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

4.8CVSS0.0021EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/09 4:3 p.m.11 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.7AI score0.0021EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/06/09 12:0 a.m.11 views

PT-2026-47843

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.3 Description The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data AAD when the ciphertext is empty, which allows for the forgery of such messages. In the...

4.8CVSS5.6AI score0.0021EPSS
Exploits0References93
AstraLinux
AstraLinuxadded 2026/06/02 3:27 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn – Rejects AADs that are too short assoclen 8 to match the ESP/ESN specification. authencesn assumes that the AAD is in the ESP/ESN format. When the length of assoclen is shorter than the minimum expected length...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.5 views

EUVD-2016-3543

Malware in sbrugna...

7.6CVSS7.2AI score0.00455EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2022-2037

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00888EPSS
Exploits0References6
BDU FSTEC
BDU FSTECadded 2022/04/01 12:0 a.m.6 views

The vulnerability of the AES GCM encryption function of the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc allows a perpetrator to access confidential data.

The vulnerability of the AES GCM module’s authentication and authorization function for the Apache 2.x HTTP server Modauthopenidc is related to the use of static IVs and AADs. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...

5.9CVSS6.5AI score0.01503EPSS
Exploits0References7Affected Software3
CNNVD
CNNVDadded 2021/07/26 12:0 a.m.2 views

mod_auth_openidc 安全特征问题漏洞

modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A security vulnerability exists in Zmartzone modauthopenidc that stems from...

5.9CVSS6.5AI score0.01503EPSS
Exploits0References12
NVD
NVDadded 2016/05/09 10:59 a.m.17 views

CVE-2016-2461

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...

7.6CVSS6.9AI score0.00455EPSS
Exploits0References3
Rows per page
Query Builder