CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

106 matches found

OSV•added 2026/02/09 8:15 p.m.•4 views

CLSA-2026-1770668132 openssl: Fix of 2 CVEs

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing - CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes...

7.5CVSS7.2AI score0.01131EPSS

Exploits1References1

OSV•added 2026/02/09 8:2 p.m.•6 views

CLSA-2026-1770667352 openssl: Fix of 3 CVEs

7.5CVSS5.8AI score0.01131EPSS

Exploits1References1

CVE•added 2026/02/09 7:40 a.m.•12 views

CVE-2026-22906

CVE-2026-22906 involves credentials disclosure caused by AES-ECB encryption with a hardcoded key in a configuration file. An unauthenticated remote attacker that can obtain the config file can decrypt and recover plaintext usernames and passwords, with higher risk when combined with an authentica...

9.8CVSS5.6AI score0.00076EPSS

Exploits0References1

CNNVD•added 2026/02/09 12:0 a.m.•5 views

WAGO Industrial-Managed-Switch 0852-1322和WAGO Industrial-Managed-Switch 0852-1328 安全漏洞

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 are industrial-grade managed Ethernet switches from the German company WAGO. Both devices have security vulnerabilities. These vulnerabilities stem from the use of hardcoded keys for AES-ECB encryption, which...

9.8CVSS5.9AI score0.00076EPSS

Exploits0References2

Positive Technologies•added 2026/02/09 12:0 a.m.•5 views

PT-2026-7084

Name of the Vulnerable Software and Affected Versions WAGO 0852-1322 affected versions not specified Description User credentials are stored using AES-ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernam...

9.8CVSS5.6AI score0.00076EPSS

Exploits0References11

RedHat Linux•added 2026/01/28 10:8 a.m.•3 views

openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls

A flaw was found in OpenSSL. When applications directly call the low-level CRYPTOocb128encrypt or CRYPTOocb128decrypt functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are...

4CVSS5.7AI score0.00009EPSS

Exploits1References4

OSV•added 2026/01/27 4:16 p.m.•6 views

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...

4CVSS5.7AI score

Exploits0References6

OSV•added 2026/01/27 4:16 p.m.•3 views

ALPINE-CVE-2025-69418

4CVSS5.7AI score0.00009EPSS

Exploits1References1

OSV•added 2026/01/27 4:16 p.m.•2 views

AZL-75899 CVE-2025-69418 affecting package edk2 for versions less than 20240524git3e722403cd16-14

4CVSS7AI score0.00009EPSS

Exploits1References1

AlpineLinux•added 2026/01/27 4:1 p.m.•2 views

CVE-2025-69418

4CVSS5.7AI score0.00009EPSS

Exploits1

Debian CVE•added 2026/01/27 4:1 p.m.•4 views

CVE-2025-69418

4CVSS6.1AI score0.00009EPSS

Exploits1

CVE•added 2026/01/27 4:1 p.m.•39 views

CVE-2025-69418

CVE-2025-69418 affects OpenSSL when using the low-level OCB API (CRYPTO_ocb128_encrypt/decrypt) with non-block-aligned lengths on hardware-accelerated builds. The trailing 1–15 bytes of a message may be left unencrypted and unauthenticated, exposing or tampering with data. The issue does not affe...

4CVSS5.7AI score0.00009EPSS

Exploits1References7Affected Software1

UbuntuCve•added 2026/01/27 12:0 a.m.•4 views

CVE-2025-69418

4CVSS6.3AI score0.00009EPSS

Exploits1References3

Tenable Nessus•added 2026/01/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-69418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes c...

4CVSS6.2AI score0.00009EPSS

Exploits1References3

Packet Storm News•added 2025/12/17 12:0 a.m.•3 views

Random Coding for Long-Range Continuous-Variable QKD

Quantum Key Distribution QKD schemes are key exchange protocols based on the physical properties of quantum channels. They avoid the computational-hardness assumptions that underlie the security of classical key exchange. Continuous-Variable QKD CVQKD, in contrast to qubit-based discrete-variable...

6.5AI score

Exploits0

RedhatCVE•added 2025/12/13 3:58 p.m.•3 views

CVE-2025-54981

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS7AI score0.00025EPSS

Exploits0References1

Veracode•added 2025/12/13 4:33 a.m.•4 views

Weak Encryption

org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...

7.5CVSS6.6AI score0.00025EPSS

Exploits0References5Affected Software1