CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/06 11:28 a.m.•27 views

CVE-2026-43254 ovpn: tcp - fix packet extraction from stream

7.5CVSS0.00054EPSS

SUSE CVE•added 2026/05/06 1:41 a.m.•2 views

SUSE CVE-2026-43033

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place src != dst, there is no need to save the high-order sequence bits in dst as it could simply be re-copied...

7.8CVSS5.7AI score0.00015EPSS

OSV•added 2026/05/05 10:28 a.m.•6 views

CLSA-2026-1777976917 openssh: Fix of CVE-2026-35385

CVE-2026-35385: when downloading files as root in legacy -O mode and without the -p preserve modes flag, scp1 did not clear setuid/setgid bits from downloaded files. Backport upstream commit 487e8ac1 to mask out the setuid/setgid bits in this case...

OSV•added 2026/05/05 12:38 a.m.•4 views

CLSA-2026-1777941528 openssh: Fix of CVE-2026-35385

CVE-2026-35385: fix scp legacy protocol receiver to clear setuid/setgid bits from downloaded files when -p preserve mode is not set...

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerability in Firefox

When parsing internationalized domain names, the high bits of the characters in the URLs were sometimes removed, resulting in inconsistencies that could cause confusion for users or lead to attacks like phishing. This vulnerability affects Firefox versions earlier than 94...

4.3CVSS4.9AI score0.00186EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux – Vulnerability in p7zip

7-Zip 22.01 does not report an error for certain invalid xz files that involve stream flags and reserved bits. Some later versions are unaffected...

3.3CVSS5.3AI score0.00119EPSS

Exploits1References2

Tenable Nessus•added 2026/05/02 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-43033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place src != dst, there is no need to save...

7.8CVSS5.4AI score0.00015EPSS

RedhatCVE•added 2026/05/01 5:40 p.m.•2 views

CVE-2026-43033

A flaw was found in the Linux kernel's authencesn cryptographic module. When performing out-of-place decryption where source and destination data buffers are different, the system incorrectly handles high-order sequence bits. This leads to improper data rearrangement before hashing, which could...

7.8CVSS5.8AI score0.00015EPSS

Exploits0References4

ATTACKERKB•added 2026/05/01 2:15 p.m.•1 views

CVE-2026-43033

5.7AI score0.00015EPSS

Exploits0References9Affected Software1

EUVD•added 2026/05/01 2:15 p.m.•3 views

EUVD-2026-26632

5.7AI score0.00015EPSS

Exploits0References8

Cvelist•added 2026/05/01 1:56 p.m.•31 views

CVE-2026-31710 smb: client: fix dir separator in SMB1 UNIX mounts

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

0.00017EPSS

Exploits0References2

CNNVD•added 2026/05/01 12:0 a.m.•6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the crypto authencesn module failing to save the high sequence bits in dst when decrypting out-of-place,...

7.8CVSS5.8AI score0.00015EPSS

OSV•added 2026/04/30 9:57 p.m.•4 views

CLSA-2026-1777586245 Fix CVE(s): CVE-2026-35385

SECURITY UPDATE: scp1 downloading as root in legacy mode without -p did not clear setuid/setgid bits on downloaded files. - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from umask in sink when -p is not set - CVE-2026-35385...

OSV•added 2026/04/30 4:52 p.m.•4 views

CLSA-2026-1777567965 openssh: Fix of CVE-2026-35385

OSV•added 2026/04/30 1:41 p.m.•4 views

CLSA-2026-1777556512 Fix CVE(s): CVE-2026-35385

SECURITY UPDATE: setuid/setgid bits preserved on scp downloads without -p - debian/patches/CVE-2026-35385.patch: in legacy -O mode, OR 07000 into the saved umask in sink in scp.c so that setuid/setgid/sticky bits are stripped from received files when -p is not specified. - CVE-2026-35385...

OSV•added 2026/04/30 11:1 a.m.•5 views

CLSA-2026-1777546896 openssh: Fix of CVE-2026-35385

RedHat Linux•added 2026/04/30 10:22 a.m.•5 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS8.5AI score0.00011EPSS

Exploits0References6

OSV•added 2026/04/30 9:54 a.m.•4 views

CLSA-2026-1777542837 Fix CVE(s): CVE-2026-35385

SECURITY UPDATE: scp setuid/setgid bit handling - debian/patches/CVE-2026-35385.patch: when downloading files as root in legacy -O mode and without the -p preserve modes flag, mask out setuid/setgid bits in scp1 sink. - CVE-2026-35385...