Lucene search
+L

6049 matches found

Nuclei
Nuclei
added yesterday101 views

Milesight Routers - Information Disclosure

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...

7.5CVSS7.7AI score0.59342EPSS
Exploits5References5
OSV
OSV
added 3 days ago6 views

MGASA-2026-0253 Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion. CVE-2026-7383 Out-of-Bounds Read in CMS Password-Based Decryption. CVE-2026-9076 Heap Buffer Over-read in ASN.1 Content Parsing. CVE-2026-34180 PKCS12 Files with PBMAC1 Are...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References8
OSV
OSV
added 3 days ago5 views

JLSEC-2026-761

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.4AI score0.01098EPSS
Exploits0References5
OSV
OSV
added 4 days ago4 views

JLSEC-2026-741 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash...

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

JLSEC-2026-732 A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover...

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS6.1AI score0.00111EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

JLSEC-2026-752 Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to...

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS6.1AI score0.0019EPSS
Exploits0References6
OSV
OSV
added 4 days ago4 views

JLSEC-2026-728 In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal ...

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...

8.1CVSS6.1AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

JLSEC-2026-692 Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer...

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

5.3CVSS6.2AI score0.00251EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago10 views

Malicious code in chain-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb94ce743d92fe81015db70380ba325e78e4271b78689a9a6998cda4e6bdc038 chain-sdk-js is a typosquat of @thetalabs/theta-js package name, description, author 'Theta Labs', and bundle filenames thetajs.cjs.js/thetajs.umd.js...

6.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 3:55 p.m.12 views

Malicious code in express-router-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...

6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/09 8:24 a.m.9 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.6 views

CVE-2025-63579

Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be...

7.5CVSS5.9AI score0.00199EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/08 9:53 p.m.6 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/08 4:14 p.m.4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1811 PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

7.1CVSS6.5AI score0.00618EPSS
Exploits0References8
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

3.3CVSS0.00099EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 8:16 p.m.2 views

DEBIAN-CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

3.3CVSS6AI score0.00099EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 8:16 p.m.12 views

DEBIAN-CVE-2026-41515

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses...

3.3CVSS6AI score0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:27 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

2.5CVSS6AI score0.00099EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/07/06 7:27 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

3.3CVSS6AI score0.00099EPSS
Exploits1
Rows per page
Query Builder