CVE-2026-45614

OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...

Astra Linux - уязвимость в libsodium

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

openSUSE 16 Security Update : python-PyNaCl (openSUSE-SU-2026:20650-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20650-1 advisory. Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...

PT-2026-36501

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...

Security update for python-PyNaCl (moderate)

openSUSE security update: security update for python-pynacl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20650-1 Rating: moderate References: bsc1161557 bsc1199282 bsc1255764 Cross-References: CVE-2025-69277 CVSS scores: CVE-2025-69277 SUSE : 4.4...

OPENSUSE-SU-2026:20642-1 Security update for libsodium

This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...

Security update for libsodium (moderate)

openSUSE security update: security update for libsodium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20399-1 Rating: moderate References: bsc1256070 Cross-References: CVE-2025-15444 CVSS scores: CVE-2025-15444 SUSE : 6.8...

SUSE-SU-2026:20913-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070...

Amazon Linux 2 : libsodium, --advisory ALAS2PHP8.2-2026-010 (ALASPHP8.2-2026-010)

The version of libsodium installed on the remote host is prior to 1.0.18-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2PHP8.2-2026-010 advisory. libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

EUVD-2026-12542

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

CVE-2026-4258

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

CVE-2026-4258

Affected software: sjcl (Stanford Javascript Crypto Library). Vulnerability: Improper verification of cryptographic signatures due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). This allows an attacker to recover a victim’s ECDH private key by sending crafted off-curve pub...

PT-2026-25873

Name of the Vulnerable Software and Affected Versions sjcl affected versions not specified Description The software is susceptible to an Improper Verification of Cryptographic Signature issue due to missing point-on-curve validation within the sjcl.ecc.basicKey.publicKey function. An attacker can...

Huawei EulerOS: Security Advisory for libsodium (EulerOS-SA-2026-1370)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2026:20484-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764...

SUSE SLES12 Security Update : libsodium (SUSE-SU-2026:0482-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0482-1 advisory. - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: Fixed...

Security update for libsodium

This update for libsodium fixes the following issues: CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764. Patch Instructions: T...

Security update for libsodium

This update for libsodium fixes the following issues: CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764. Patch Instructions: T...

SUSE-SU-2026:0368-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsodium (SUSE-SU-2026:0223-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0223-1 advisory. - CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation bsc1256070...