CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploits1References2Affected Software1

EUVD•added 2 days ago•6 views

EUVD-2026-34159

Cvelist•added 2 days ago•28 views

Exploits1References1

CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery

4.7CVSS0.00009EPSS

Exploits1References1

CVE•added 2 days ago•9 views

CVE-2026-45614

OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...

Exploits1References1Affected Software1

Tenable Nessus•added 2 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-45614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

Positive Technologies•added 2 days ago•6 views

Exploits1References2

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

RedHat Linux•added 3 days ago•6 views

Exploits1References4

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00052EPSS

Exploits0References7

EUVD•added 3 days ago•7 views

EUVD-2026-33817

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

NVD•added 4 days ago•9 views

Exploits0References2

CVE-2026-40965

10CVSS0.00042EPSS

ATTACKERKB•added 4 days ago•7 views

CVE-2026-40965

Exploits0References2Affected Software2

Vulnrichment•added 4 days ago•6 views

CVE-2026-40965

Cvelist•added 4 days ago•22 views

CVE-2026-40965

10CVSS0.00042EPSS

RedHat Linux•added 4 days ago•7 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

6.5CVSS5.7AI score0.00052EPSS

Exploits0References7

CNNVD•added 4 days ago•6 views

Cloud Foundry UAA security vulnerabilities

Cloud Foundry UAA is an identity verification and management service terminal designed for the CloudFoundry platform by the Cloud Foundry Foundation in the United States. There is a security vulnerability in Cloud Foundry UAA, which stems from the exposure of private keys. This vulnerability may...

Positive Technologies•added 4 days ago•9 views

PT-2026-45616

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions v76.12.0 through v78.12.0 CF Deployment versions v30.0.0 through v56.0.0 Description Private key exposure occurs when the server inadvertently reveals Elliptic Curve EC private keys through the public '/token keys'...

RedhatCVE•added 2026/05/28 8:12 p.m.•11 views

Exploits0References6

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00006EPSS