Lucene search
K

1337 matches found

NVD
NVD
added last week10 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS0.00077EPSS
Exploits0References2
CVE
CVE
added last week9 views

CVE-2026-14969

The CVE-2026-14969 entry concerns 389-ds-base. The LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC, enabling a privileged attacker with filesystem access to detect plaintext equality across encrypted entries by ciphertext block comparison. ...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2026/06/30 11:39 p.m.5 views

BIT-ENVOY-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.8AI score0.00219EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 9:16 p.m.6 views

UBUNTU-CVE-2026-13758

CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...

3.7CVSS5.8AI score0.00295EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/28 7:5 a.m.68 views

Exploit for Generation of Predictable IV with CBC Mode in Redhat Enterprise_Linux

C...

4.3CVSS6.7AI score0.99999EPSS
Exploits7
Cvelist
Cvelist
added 2026/06/26 5:23 p.m.35 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS0.00219EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:42 p.m.65 views

Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities

Question Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

5.4AI score
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/05 10:18 a.m.10 views

EUVD-2026-34811

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:18 a.m.6 views

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00073EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 5:17 p.m.12 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

6CVSS5.8AI score0.00105EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 4:4 p.m.18 views

Malicious code in class-blend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3876854a76bda6892f76b9b44c67e066bfc6315a7e3d27431137727ff0ee728 The package advertises itself as a clsx/twMerge-style class-name merging utility, but the exported applyGlobalStylespalette, accents function contain...

5.9AI score
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/21 7:36 a.m.91 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-fail CVE-2026-31431 Copy Fail – a C language PoC,...

7.8CVSS7.4AI score0.96267EPSS
Exploits230
OSV
OSV
added 2026/05/07 4:17 p.m.11 views

JLSEC-2026-463 Mbed TLS timing side channel in RSA and CBC/ECB decryption

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

5.1CVSS5.8AI score0.0027EPSS
Exploits0References4
ICS
ICS
added 2026/04/29 2:27 p.m.6 views

TP-Link WR841N Router multiple vulnerabilities

RISK EVALUATION Multiple TP-Link products TP-Link Archer C20 V5, Archer C20 6.0, Archer AX53 v1.0 and TL-WR841N v13 are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow an adjacent, unauthenticated attacker to execute administrative commands. 2...

8.8CVSS5.7AI score0.00401EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 2:21 p.m.46 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 are affected by a cryptographic weakness in file and email sharing endpoints. DES-CBC is used with keys and IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to about 19,000 values. An unauthenticated attacker ca...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 2:21 p.m.4 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS5.5AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35434

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9610 Description A cryptographic weakness exists in the file and email sharing endpoints. These endpoints utilize DES-CBC encryption with keys and initialization vectors derived from System.Random...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References7
NVD
NVD
added 2026/04/23 6:16 p.m.4 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

8.8CVSS0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 4:10 p.m.4 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

6.1CVSS5.7AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

TP-Link TL-WR841N 安全漏洞

The TP-Link TL-WR841N is a router produced by the TP-Link company. The TP-Link TL-WR841N v13 version has a security vulnerability. This vulnerability stems from the use of DES-CBC encryption in the TDDPv2 debugging protocol, where the key is predictable. This could allow unauthorized attackers to...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References2
Rows per page
Query Builder