CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

111 matches found

CVE•added 2026/06/09 4:3 p.m.•144 views

CVE-2026-45445

CVE-2026-45445 describes a vulnerability in AES-OCB when using OpenSSL EVP_Cipher() in one-shot mode: the application-supplied IV is ignored, causing every encrypted message under the same key to use the same effective nonce. This leads to key/nonce reuse and potential confidentiality loss, and, ...

7.5CVSS5.8AI score0.00332EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/06/09 4:3 p.m.•9 views

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

5.8AI score0.00332EPSS

Exploits0References6

NVD•added 2026/05/28 4:16 p.m.•16 views

CVE-2026-41565

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...

7.5CVSS0.00494EPSS

Exploits0References4

ATTACKERKB•added 2026/05/28 2:13 p.m.•7 views

CVE-2026-41565

6.1AI score0.00494EPSS

Exploits0References4

OSV•added 2026/04/30 7:30 p.m.•3 views

JLSEC-2026-373

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

6.3CVSS4.6AI score0.00217EPSS

Exploits1References5

Cvelist•added 2026/04/25 4:30 p.m.•32 views

CVE-2026-6986 Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification

6.3CVSS0.00217EPSS

Exploits1References5

RedhatCVE•added 2026/04/22 7:22 a.m.•4 views

CVE-2026-5479

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...

8.1CVSS5.7AI score0.00152EPSS

Exploits0References1

OSV•added 2026/04/14 1:10 p.m.•7 views

JLSEC-2026-108 Deno's AES GCM authentication tags are not verified

Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...

8.7CVSS5.7AI score0.0024EPSS

Exploits1References7

EUVD•added 2026/04/10 6:31 a.m.•4 views

EUVD-2026-21292

7.6CVSS5.9AI score0.00152EPSS

Exploits0References2

Snyk•added 2026/04/10 5:8 a.m.•4 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the wolfSSLEVPCipherFinal process. An attacker can obtain unauthorized access to plaintext data by submitting ciphertext with a forged or incorrect authentication tag, as the tag is not...

8.1CVSS5.8AI score0.00152EPSS

Exploits0References2

NVD•added 2026/04/10 4:17 a.m.•1 views

CVE-2026-5479

8.1CVSS0.00152EPSS

Exploits0References1

OSV•added 2026/04/10 4:17 a.m.•1 views

DEBIAN-CVE-2026-5479

8.1CVSS5.3AI score0.00152EPSS

Exploits0References1

OSV•added 2026/04/10 4:17 a.m.•3 views

UBUNTU-CVE-2026-5479

8.1CVSS5.8AI score0.00152EPSS

Exploits0References3

ATTACKERKB•added 2026/04/10 2:38 a.m.•2 views

CVE-2026-5479

7.6CVSS5.9AI score0.00152EPSS

Exploits0References2

Vulnrichment•added 2026/04/10 2:38 a.m.•1 views

CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag

7.6CVSS5.8AI score0.00152EPSS

Exploits0References1

Cvelist•added 2026/04/10 2:38 a.m.•30 views

CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag

7.6CVSS0.00152EPSS

Exploits0References1

CVE•added 2026/04/10 2:38 a.m.•30 views

CVE-2026-5479

In wolfSSL, the ChaCha20-Poly1305 AEAD decryption path in the EVP layer (wolfSSL_EVP_CipherFinal and related finalization functions) fails to verify the authentication tag before returning plaintext. As a result, when using the EVP API to decrypt ChaCha20-Poly1305, the tag may be computed or acce...

8.1CVSS5.9AI score0.00152EPSS

Exploits0References1Affected Software1

AlpineLinux•added 2026/04/10 2:38 a.m.•3 views

CVE-2026-5479

8.1CVSS5.3AI score0.00152EPSS

Exploits0

Positive Technologies•added 2026/04/10 12:0 a.m.•2 views

PT-2026-31863

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The software fails to verify the authentication tag during ChaCha20-Poly1305 AEAD decryption, potentially returning plaintext to the caller even with an invalid tag. This occurs in the EVP...

7.6CVSS5.8AI score0.00152EPSS

Exploits0References4

UbuntuCve•added 2026/04/10 12:0 a.m.•1 views

CVE-2026-5479

8.1CVSS5.8AI score0.00152EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by