CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 6 days ago•6 views

CVE-2026-36606

CVE-2026-36606 affects Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The vulnerability stems from encrypting configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who gains a backup file can decrypt it to recover all stored credentials, inc...

7.1CVSS5.8AI score0.00011EPSS

Positive Technologies•added 6 days ago•9 views

PT-2026-45994

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score0.00011EPSS

Exploits0References2

Cvelist•added 6 days ago•34 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

0.00011EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в openssl

AES OCB mode for 32-bit x86 platforms, using the AES-NI assembly-optimized implementation, may not encrypt all of the data under certain circumstances. This could reveal sixteen bytes of data that were already present in the memory but were not written. In the special case of “in-place” encryptio...

5.3CVSS6.7AI score0.00509EPSS

Exploits0References2

OSV•added 2026/04/27 6:33 p.m.•3 views

JLSEC-2026-230 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.5AI score0.00509EPSS

Exploits0References27

Vulnrichment•added 2026/04/07 6:22 p.m.•0 views

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

2.1CVSS5.9AI score0.00016EPSS

CNNVD•added 2026/04/07 12:0 a.m.•4 views

OrangeHRM 加密问题漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained a security...

2.7CVSS5.8AI score0.00016EPSS

OSV•added 2026/03/20 2:24 p.m.•3 views

OESA-2026-1663 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: When using the low-level OCB API directly with AES-NI orbrother hardware-accelerated code paths, inputs whose length is not a multiplebrof 16 bytes...

4CVSS5.8AI score0.00009EPSS

Exploits1References2

OSV•added 2026/02/09 8:15 p.m.•4 views

CLSA-2026-1770668132 openssl: Fix of 2 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes...

7.5CVSS7.2AI score0.01131EPSS

OSV•added 2026/02/09 8:2 p.m.•6 views

CLSA-2026-1770667352 openssl: Fix of 3 CVEs

7.5CVSS5.8AI score0.01131EPSS

RedHat Linux•added 2026/01/28 10:8 a.m.•3 views

openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

A flaw was found in OpenSSL. When applications directly call the low-level CRYPTOocb128encrypt or CRYPTOocb128decrypt functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are...

OSV•added 2026/01/27 4:16 p.m.•5 views

Exploits1References4

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS5.7AI score

Exploits0References6

OSV•added 2026/01/27 4:16 p.m.•2 views

ALPINE-CVE-2025-69418

OSV•added 2026/01/27 4:16 p.m.•2 views

AZL-75899 CVE-2025-69418 affecting package edk2 for versions less than 20240524git3e722403cd16-14

4CVSS7AI score0.00009EPSS

AlpineLinux•added 2026/01/27 4:1 p.m.•2 views

CVE-2025-69418

CVE•added 2026/01/27 4:1 p.m.•39 views

Exploits1

CVE-2025-69418

CVE-2025-69418 affects OpenSSL when using the low-level OCB API (CRYPTO_ocb128_encrypt/decrypt) with non-block-aligned lengths on hardware-accelerated builds. The trailing 1–15 bytes of a message may be left unencrypted and unauthenticated, exposing or tampering with data. The issue does not affe...

Exploits1References7Affected Software1

UbuntuCve•added 2026/01/27 12:0 a.m.•4 views

CVE-2025-69418

4CVSS6.3AI score0.00009EPSS

Exploits1References3

Tenable Nessus•added 2026/01/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-69418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes c...

4CVSS6.4AI score0.00009EPSS

Exploits1References3

RedhatCVE•added 2025/12/13 3:58 p.m.•2 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7AI score0.00025EPSS