CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

941 matches found

OSV•added 2025/10/29 11:16 p.m.•4 views

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

7.5CVSS6AI score

Exploits0References5

OSV•added 2025/10/29 11:16 p.m.•5 views

AZL-69275 CVE-2025-58188 affecting package golang 1.26.0-1

7.5CVSS7.1AI score0.00344EPSS

Exploits0References1

NVD•added 2025/10/29 11:16 p.m.•5 views

CVE-2025-58187

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

7.5CVSS0.00366EPSS

Exploits0References5

NVD•added 2025/10/29 11:16 p.m.•4 views

CVE-2025-58188

7.5CVSS0.00344EPSS

Exploits0References5

OSV•added 2025/10/29 11:16 p.m.•2 views

CVE-2025-58187

7.5CVSS6AI score

Exploits0References5

Cvelist•added 2025/10/29 10:10 p.m.•6 views

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

0.00344EPSS

Exploits0References4

CVE•added 2025/10/29 10:10 p.m.•36 views

CVE-2025-58188

CVE-2025-58188 (panic on validating certificate chains with DSA keys) is confirmed in an F5 advisory tied to BIG-IP Next for Kubernetes. Affected component set includes TMM, f5-dwbld, and f5-downloader; the root cause is a cast assuming an Equal method when validating certificate chains containin...

7.5CVSS6.6AI score0.00344EPSS

Exploits0References5Affected Software1

CVE•added 2025/10/29 10:10 p.m.•42 views

CVE-2025-58187

The CVE 2025-58187-name constraints issue is disclosed in F5 advisory for BIG-IP Next for Kubernetes, with a root cause in the crypto/x509 name-contraint check logic that leads to non-linear (quadratic) processing times on some certificates, causing potential DoS via excessive CPU usage. Affected...

7.5CVSS6.3AI score0.00366EPSS

Exploits0References5Affected Software1

Snyk•added 2025/10/29 9:50 p.m.•3 views

Uncaught Exception

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes...

8.7CVSS6.9AI score0.00344EPSS

Exploits0References3

OSV•added 2025/10/27 3:15 p.m.•5 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

9.4CVSS8.3AI score

Exploits0References4

Packet Storm News•added 2025/10/21 12:0 a.m.•3 views

Cyberattack Detection in Critical Infrastructure and Supply Chains

Cyberattack detection in Critical Infrastructure and Supply Chains has become challenging in Industry 4.0. Intrusion Detection Systems IDS are deployed to counter the cyberattacks. However, an IDS effectively detects attacks based on the known signatures and patterns, Zero-day attacks go...

6.7AI score

Exploits0