Lucene search
K

43672 matches found

RedHat Linux
RedHat Linux
added 2026/01/28 3:32 p.m.13 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
GithubExploit
GithubExploit
added 2026/01/28 12:44 p.m.592 views

Exploit for CVE-2025-15467

CVE-2025-15467 Stack buffer overflow in OpenSSL CMS AuthEnvel...

6.3AI score0.47621EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2026/01/28 10:8 a.m.3 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
OSV
OSV
added 2026/01/28 9:36 a.m.4 views

SUSE-SU-2026:0309-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. - CVE-2025-68160: Heap out-of-bounds write in BIOflinebuffer on short writes bsc1256834. - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with...

9.8CVSS6.1AI score0.47621EPSS
Exploits7References17
RedHat Linux
RedHat Linux
added 2026/01/28 9:21 a.m.2 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6AI score0.01744EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/01/28 9:6 a.m.24 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-24881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agen...

9.8CVSS6.5AI score0.01745EPSS
Exploits1References2
AlmaLinux
AlmaLinux
added 2026/01/28 12:0 a.m.19 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187...

9.8CVSS6.2AI score0.47621EPSS
Exploits7References26
ATTACKERKB
ATTACKERKB
added 2026/01/27 11:49 p.m.3 views

CVE-2026-24833

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

7.6CVSS5.9AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/27 11:34 p.m.6 views

CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...

6.5CVSS5.9AI score0.00295EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/01/27 11:34 p.m.2 views

CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...

6.5CVSS5.9AI score0.00295EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/01/27 11:34 p.m.32 views

CVE-2026-24134 StudioCMS has an Authorization Bypass Through User-Controlled Key

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...

6.5CVSS0.00295EPSS
Exploits2References3
NVD
NVD
added 2026/01/27 10:15 p.m.10 views

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

8.8CVSS0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/01/27 9:57 p.m.6 views

CVE-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/27 8:54 p.m.4 views

CVE-2026-24736 Squidex has Server-Side Request Forgery (SSRF) Issue in Webhook Configuration

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

9.1CVSS6AI score0.0042EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/27 8:54 p.m.5 views

EUVD-2026-4742

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

9.1CVSS6AI score0.0042EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/01/27 7:16 p.m.3 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

9.8CVSS6.4AI score0.01745EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:36 p.m.3 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

8.1CVSS6.5AI score0.01745EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/01/27 6:36 p.m.6 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

9.8CVSS6.7AI score0.01745EPSS
Exploits1
Ubuntu
Ubuntu
added 2026/01/27 6:10 p.m.12 views

USN-7980-1: OpenSSL vulnerabilities

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...

9.8CVSS5.4AI score0.47621EPSS
Exploits7
Rows per page
Query Builder