Lucene search
K

5397 matches found

RedhatCVE
RedhatCVE
added 2026/06/23 1:28 p.m.13 views

CVE-2026-54276

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. The DigestAuthMiddleware component can send an authentication response after following a cross-origin redirect. This could allow a remote attacker, in conjunction with an open redirect vulnerability ...

6.3CVSS5.7AI score0.00178EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Oracle Linux 9 : kernel (ELSA-2026-19225)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19225 advisory. - xfrm: esp: avoid in-place decrypt on shared skb frags Sabrina Dubroca RHEL-174563 CVE-2026-43284 - crypto: authencesn - Do not place hiseq at end of...

8.8CVSS7.2AI score0.96267EPSS
Exploits263References5
OSV
OSV
added 2026/06/22 9:24 p.m.4 views

GO-2026-5052 Vulnerability in software.sslmate.com/src/go-pkcs12

Users who decode PKCS12 files from untrusted sources and rely on the password for authentication can be tricked into accepting malicious PKCS12 files...

5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 8:40 p.m.3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
Ubuntu
Ubuntu
added 2026/06/22 5:23 p.m.4 views

USN-8447-3: Google Guest Agent vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...

10CVSS6.2AI score0.005EPSS
Exploits0
OSV
OSV
added 2026/06/22 5:23 p.m.2 views

USN-8447-3 google-guest-agent vulnerabilities

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides the corresponding updates for Go Cryptography code embedded in Google Guest Agent. Original advisory details: It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker...

10CVSS6.1AI score0.005EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/22 2:7 p.m.9 views

CVE-2026-12205

A flaw was found in Crypt::DSA, a Perl module for Digital Signature Algorithm DSA cryptography. This vulnerability occurs because the software reuses a unique random number, known as a nonce, for multiple digital signatures generated with the same cryptographic key. An attacker could exploit this...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:48 p.m.3 views

Security Bulletin: Vulnerability in cryptography affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in cryptography has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.2CVSS6.5AI score0.00341EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/06/22 12:0 p.m.10 views

MAL-2026-6312 Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/06/22 12:0 p.m.5 views

MAL-2026-6313 Malicious code in @zynkit/jwtbytes (npm)

@zynkit/jwtbytes malicious version 0.5.3, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

6.5AI score
Exploits0References7
OSV
OSV
added 2026/06/22 9:36 a.m.6 views

ROOT-APP-PYPI-CVE-2026-26007 CVE-2026-26007 in rootio-cryptography - Patched by Root

Root has patched CVE-2026-26007 in the rootio-cryptography package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.4AI score0.00341EPSS
Exploits0
NVD
NVD
added 2026/06/20 2:16 a.m.13 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS0.00354EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/20 12:28 a.m.7 views

kernel: crypto: caam - fix overflow on long hmac keys

A flaw was found in the Linux kernel's caam cryptographic accelerator driver. When processing a Hash-based Message Authentication Code HMAC key that exceeds the block size, the driver incorrectly handles memory allocation and copying. This can lead to an overflow, where the system attempts to rea...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Go Cryptography vulnerabilities (USN-8447-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8447-1 advisory. It was discovered that Go Cryptography did not properly handle SSH global request responses. ...

10CVSS6.3AI score0.005EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: afalg – Fixed an issue where initialisation was missing, affecting gcm-aes-s390. Fixed the afalgallocareq function to initialize areq-firstrsgl.sgl.sgt.sgl to point to the scatterlist array in areq-firstrsgl.sgl.sgl...

5.5CVSS5.8AI score0.0012EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Thunderbird, Firefox, NSS

An attacker could create a PKCS 12 certificate bundle in a way that allows arbitrary memory writes through the mishandled Safe Bag attributes of PKCS 12. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS7AI score0.00817EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – Fixed unexpected pointer access in mpiecinit When the mpiecctx structure is initialized, some fields are not cleared, resulting in a crash when referencing those fields after the structure is released. Initially...

5.5CVSS5.3AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libcrypto++

In gf2n.cpp within Crypto++ also known as cryptopp, available from version 8.9.0, attackers can cause a denial of service application crash by exploiting DER public-key data for an F2^m curve. This occurs when the degree of each term in the polynomial is not strictly decreasing...

7.5CVSS7.1AI score0.00829EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error:...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References1
Rows per page
Query Builder