CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

884 matches found

openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...

3.7CVSS5.4AI score0.00009EPSS

Exploits0References4

Rockylinux•added 4 days ago•7 views

bind security update

An update is available for bind. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain BIND is an implementation of the Domain Name...

7.5CVSS5.5AI score0.00092EPSS

Exploits0

OSV•added 4 days ago•3 views

RLSA-2026:24367 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS5.5AI score0.00092EPSS

Exploits0References3

Rockylinux•added 4 days ago•7 views

bind9.18 security update

An update is available for bind9.18. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Na...

7.5CVSS5.5AI score0.00092EPSS

Exploits0

OSV•added last week•4 views

USN-8403-1 isc-kea vulnerability

Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service...

7.5CVSS8AI score0.00011EPSS

Exploits0References2

Ubuntu•added last week•4 views

USN-8403-1: Kea DHCP vulnerability

7.5CVSS8AI score0.00011EPSS

Exploits0

RedHat Linux•added last week•5 views

bind: BIND: Denial of Service via specially crafted DNS messages

A flaw was found in the bind component, specifically within the named daemon. This vulnerability allows a remote attacker to send specially crafted Domain Name System DNS messages. These messages, which use unusual classes or meta-classes, can trigger assertion failures in the named daemon when...

7.5CVSS5.4AI score0.0005EPSS

Exploits0References4

OSV•added 2026/06/08 12:0 a.m.•3 views

ALSA-2026:24367 Important: bind security update

7.5CVSS5.5AI score0.00092EPSS

Exploits0References6

RedhatCVE•added 2026/06/06 6:43 p.m.•9 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS5.5AI score0.00019EPSS

Exploits0References1

RedhatCVE•added 2026/06/06 12:43 p.m.•10 views

CVE-2026-25659

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...

7.1CVSS5.4AI score0.00019EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:20 p.m.•8 views

CVE-2026-23824

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may...

7.5CVSS5.5AI score0.00048EPSS

Exploits0References1

NVD•added 2026/06/05 3:16 p.m.•7 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS0.00019EPSS

Exploits0References1

ATTACKERKB•added 2026/06/05 1:44 p.m.•6 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS5.5AI score0.00019EPSS

Exploits0References2

NVD•added 2026/06/05 12:16 p.m.•10 views

CVE-2026-25659

7.1CVSS0.00019EPSS

Exploits0References1

NVD•added 2026/06/05 12:16 p.m.•10 views

CVE-2026-25658

7.1CVSS0.00019EPSS

Exploits0References1

NVD•added 2026/06/05 12:16 p.m.•9 views

CVE-2026-25657

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure CWE-228 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the...

7.1CVSS0.00019EPSS

Exploits0References1

CVE•added 2026/06/05 11:8 a.m.•15 views

CVE-2026-25659

Ericsson Packet Core Gateway (PCG) before version 1.30 is affected by an Improper Handling of Missing Values (CWE-230). A crafted message can be repeatedly sent to cause service degradation; impact persists while the attack continues and the system recovers once the attack stops. Remediation: upg...

7.1CVSS5.4AI score0.00019EPSS

Exploits0References1Affected Software1