CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

Tenable Nessus•added 2026/06/10 12:0 a.m.•7 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-2272)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 Tenable has...

8.8CVSS7.6AI score0.96775EPSS

Exploits253References3

RedhatCVE•added 2026/06/05 7:36 p.m.•8 views

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

4.7CVSS5.5AI score0.00108EPSS

Exploits0References1

RedHat Linux•added 2026/05/26 6:51 a.m.•10 views

guntls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00326EPSS

Exploits0References4

Tenable Nessus•added 2026/05/22 12:0 a.m.•8 views

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016652 advisory. A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated cipherte...

7.5CVSS6.7AI score0.02686EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in python-rsa

In Python-RSA before version 4.1, leading '\0' bytes are ignored during the decryption of ciphertext. This could potentially have security-related implications, such as allowing an attacker to infer that an application uses Python-RSA. Alternatively, the length of the accepted ciphertext may affe...

7.5CVSS7.3AI score0.01359EPSS

Exploits1References2

NVD•added 2026/04/24 8:16 p.m.•10 views

CVE-2026-41244

4.7CVSS0.00108EPSS

Exploits0References1

Cvelist•added 2026/04/24 7:11 p.m.•28 views

CVE-2026-41244 Mojic: Observable Timing Discrepancy in HMAC Verification

4.7CVSS0.00108EPSS

Exploits0References1

RedhatCVE•added 2026/04/22 7:22 a.m.•4 views

CVE-2026-5479

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...

8.1CVSS5.7AI score0.00152EPSS

Exploits0References1

AlpineLinux•added 2026/04/10 2:38 a.m.•3 views

CVE-2026-5479

8.1CVSS5.3AI score0.00152EPSS

Exploits0

ATTACKERKB•added 2026/04/03 12:0 a.m.•1 views

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

9.6CVSS6AI score0.00421EPSS

Exploits1References4

OSV•added 2026/03/30 9:17 p.m.•3 views

DEBIAN-CVE-2026-32877

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...

8.2CVSS5.4AI score0.00278EPSS

Exploits0References1

AlpineLinux•added 2026/03/30 8:36 p.m.•2 views

CVE-2026-32877

8.2CVSS5.7AI score0.00278EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:2 p.m.•2 views

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.8AI score0.00211EPSS

Exploits0References1

SUSE CVE•added 2026/03/25 12:24 a.m.•1 views

SUSE CVE-2026-32614

7.5CVSS5.9AI score0.00211EPSS

Exploits0References3

CNNVD•added 2026/03/16 12:0 a.m.•5 views

gmsm 数据伪造问题漏洞

GMSM is a commercial cryptography algorithm library implemented in Go language by Sun Yimin as a personal development. Versions of GMSM prior to 0.41.1 contained a data forgery vulnerability. This vulnerability stemmed from an infinite point ciphertext forgery flaw in the SM9 decryption...

7.5CVSS7.3AI score0.00211EPSS

Exploits0References1

CVE•added 2026/03/13 8:14 p.m.•16 views

CVE-2026-32614

CVE-2026-32614 concerns the Go ShangMi (GMSM) library’s SM9 decryption, where the ciphertext can be forged if the point C1 is the point at infinity. The root cause is that during decryption, C1 is deserialized and checked for curve membership, but the code does not reject the point at infinity, a...

7.5CVSS5.9AI score0.00211EPSS

Exploits0References1

EUVD•added 2026/03/04 9:31 a.m.•5 views

EUVD-2026-9384

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

6.9CVSS5.9AI score0.0025EPSS

Exploits0References2

OSV•added 2026/03/04 9:15 a.m.•2 views

CVE-2026-2747

7.5CVSS5.8AI score0.0025EPSS

Exploits0References1

ATTACKERKB•added 2026/03/04 8:46 a.m.•5 views

CVE-2026-2747

6.9CVSS5.9AI score0.0025EPSS

Exploits0References2

Cvelist•added 2026/03/04 8:46 a.m.•24 views

CVE-2026-2747 PGP Mixed Plaintext and Encrypted Content