Lucene search
K

205 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.10 views

Debian dla-4669 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4669 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References4
Debian
Debian
added 2026/07/04 2:23 p.m.7 views

[SECURITY] [DLA 4669-1] php8.2 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
Debian
Debian
added 2026/07/04 12:44 p.m.6 views

[SECURITY] [DSA 6377-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
EUVD
EUVD
added 2026/06/23 1:48 p.m.7 views

EUVD-2026-38453

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS5.9AI score0.00431EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 1:48 p.m.33 views

CVE-2026-35019

NetComm NF20MESH routers with firmware R6B031 and earlier are affected by an authentication bypass in the web management interface. The root cause is a hardcoded AES-256 key used to encrypt session cookies; an attacker can forge a valid encrypted cookie with the shared key to bypass authenticatio...

9.2CVSS5.9AI score0.00431EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/03 6:13 p.m.9 views

CVE-2026-8881 CVE-2026-8881

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

5.7AI score0.00163EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:27 a.m.12 views

Malicious code in qaq-core-util-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 6:27 a.m.8 views

MAL-2026-4653 Malicious code in qaq-core-util-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/19 7:50 p.m.7 views

GHSA-PHQJ-4MHP-Q6MQ rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers

CipherCtxRef::cipherupdateinplace incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption whe...

5.1CVSS5.8AI score0.00019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-42029

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The CipherCtxRef::cipher update inplace function incorrectly sizes output buffers when utilizing AES key-wrap-with-padding ciphers, specifically EVP aes 128 wrap pad, EVP aes 192 wrap pad, an...

5.1CVSS6AI score0.00019EPSS
Exploits0References53
NVD
NVD
added 2026/05/14 9:16 p.m.12 views

CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS0.00172EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 8:18 p.m.21 views

CVE-2026-44662

CVE-2026-44662 affects rust-openssl bindings (Rust) from 0.10.0 up to 0.10.79. CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update mis-sized outputs when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For non-multiple-of-8 input, ...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 8:18 p.m.59 views

CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS0.00172EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/07 9:12 p.m.102 views

Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui

HTB-Snapped-Writeup HTB Snapped — Hard Linux machine writeup...

9.8CVSS7AI score0.22162EPSS
Exploits18
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.14 views

MAXHUB Pivot client application 加密问题漏洞

The MAXHUB Pivot client application is a client component of the MAXHUB company’s device management platform. Versions of the MAXHUB Pivot client application prior to 1.36.2 contained an encryption vulnerability. This vulnerability stemmed from the hardcoded AES key within the application. It cou...

7.3CVSS5.8AI score0.00159EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 5:18 p.m.1 views

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS6.1AI score0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 5:18 p.m.29 views

CVE-2026-41678

CVE-2026-41678 affects rust-openssl bindings. The aes::unwrap_key() function contains an inverted assertion (out.len() + 8 = in_.len() - 8, allowing potential out-of-bounds writes when buffers are smaller than required. This vulnerability is limited to versions before 0.10.78; 0.10.78 fixes the i...

9.8CVSS5.5AI score0.00294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/24 5:18 p.m.38 views

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 5:18 p.m.8 views

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS5.5AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 6:16 p.m.11 views

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

9.8CVSS0.00401EPSS
Exploits0References3
Rows per page
Query Builder