Lucene search
K

1502 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-54736

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first...

8.2CVSS0.00147EPSS
Exploits0References5
CVE
CVE
added 4 days ago6 views

CVE-2026-54736

Technical details (affected versions, root cause specifics, and remediation beyond what is in the Initial Description) are not publicly available in the provided documents; monitor for updates.

8.2CVSS6.1AI score0.00147EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-54736 Phalcon: Non-constant-time HMAC verification in `Encryption\Crypt::decrypt` (timing side-channel)

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Crypt::decrypt compares the attacker-supplied HMAC tag against the freshly computed HMAC using PHP/Zephir identity comparison, which lowers to a byte-wise comparison that returns early on the first...

8.2CVSS0.00147EPSS
Exploits0References5
NVD
NVD
added 5 days ago9 views

CVE-2026-8996

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS0.0027EPSS
Exploits0References8
CVE
CVE
added 5 days ago11 views

CVE-2026-8996

The CVE-2026-8996 entry describes a Sensitive Information Exposure in the WordPress plugin “Backup and Staging by WP Time Capsule” up to version 1.22.26. The flaw is exposed via download_recent_decrypted_file_wptc, enabling authenticated users with subscriber-level access (or higher) to obtain th...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42527

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.22.26 via the downloadrecentdecryptedfilewptc. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References8
CVE
CVE
added 5 days ago12 views

CVE-2025-63579

CVE-2025-63579 affects Kyocera devices using Command Center RX for various TASKalfa models (e.g., 2552ci, 3252ci, 2553ci, 3253ci, 3554ci, 4052ci, 5052ci, 6052ci, 7052ci, 8052ci, 7353ci, 8353ci, 2554ci, 3254ci, 505). The description reports that unauthorized access can export all information store...

7.5CVSS5.9AI score0.00199EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2518)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 Tenable has extracted the preceding description block directly...

8.8CVSS7AI score0.93235EPSS
Exploits31References2
CVE
CVE
added 2026/06/29 8:42 p.m.15 views

CVE-2026-13758

CVE-2026-13758 affects CryptX for Perl versions before 0.088_001. The vulnerability stems from a non-constant-time comparison of AEAD authentication tags in the streaming decrypt_done path, using memNE (memcmp() != 0). The run time varies with the number of matching leading bytes across all five ...

3.7CVSS5.8AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53736

Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.088 001 Description CryptX for Perl performs AEAD authentication tag comparisons in non-constant time within the streaming decrypt done path. The decrypt done$tag function utilizes memNE based on memcmp != 0, which...

3.7CVSS6.1AI score0.00295EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:40 p.m.7 views

Malicious code in express-initial (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d292a4664135ed1869f907d62fb6472839ab54a59aedb2f3a88022a0c70095 package.json declares "postinstall": "node index.js", so npm install express-initial automatically runs the package's main script. index.js is heavil...

6AI score
Exploits0References5
OSV
OSV
added 2026/06/26 9:40 p.m.6 views

MAL-2026-6543 Malicious code in express-initial (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d292a4664135ed1869f907d62fb6472839ab54a59aedb2f3a88022a0c70095 package.json declares "postinstall": "node index.js", so npm install express-initial automatically runs the package's main script. index.js is heavil...

6AI score
Exploits0References5
OSV
OSV
added 2026/06/26 11:6 a.m.3 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:58 p.m.7 views

Malicious code in random-string-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fea72321e7eb57feb094bc31de2393ec2a56903156e1257a062e40541785b96 The package advertises itself as a 5-line random-string generator, but index.js the declared main contains a hardcoded AES-256-CBC ciphertext blob th...

6AI score
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 p.m.13 views

CVE-2026-55411

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 4:8 p.m.28 views

CVE-2026-55411 ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS0.00126EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:8 p.m.6 views

CVE-2026-55411

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38824

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...

5.9AI score0.00359EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52956

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...

7.5CVSS0.00359EPSS
Exploits0References2
Rows per page
Query Builder