CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5907 matches found

AlmaLinux•added 2026/04/16 12:0 a.m.•7 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK SDKVERSION and .NET Runtime...

7.5CVSS5.8AI score0.0111EPSS

Exploits0References10

AlmaLinux•added 2026/04/16 12:0 a.m.•9 views

Important: .NET 10.0 security update

7.5CVSS5.8AI score0.0111EPSS

Exploits0References10

RedhatCVE•added 2026/04/14 7:23 p.m.•9 views

CVE-2026-5295

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...

8CVSS6.2AI score0.00175EPSS

Exploits0References1

RedhatCVE•added 2026/04/14 7:23 p.m.•11 views

CVE-2026-5504

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated...

6.3CVSS5.8AI score0.00111EPSS

Exploits0References1

RedhatCVE•added 2026/04/14 6:47 p.m.•7 views

CVE-2026-33116

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive. Mitigation...

7.5CVSS5.7AI score0.01088EPSS

Exploits0References3

RedhatCVE•added 2026/04/14 6:47 p.m.•4 views

CVE-2026-32203

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users. Mitigation Mitigation for this issue is either not available or...

7.5CVSS5.7AI score0.00787EPSS

Exploits0References3

IBM Security Bulletins•added 2026/04/14 3:40 a.m.•3 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access (CVE-2026-5926)

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2026-5926 DESCRIPTION: IBM Security Verify Access uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

6.5CVSS5.8AI score0.00181EPSS

Exploits0Affected Software2

RedhatCVE•added 2026/04/10 7:7 a.m.•5 views

CVE-2026-29146

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS5AI score0.03645EPSS

Exploits1References4

EUVD•added 2026/04/10 6:31 a.m.•4 views

EUVD-2026-21292

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSLEVPCipherFinal and related EVP cipher finalization functions fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption,...

7.6CVSS5.9AI score0.00152EPSS

Exploits0References2

Snyk•added 2026/04/10 5:8 a.m.•4 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the wolfSSLEVPCipherFinal process. An attacker can obtain unauthorized access to plaintext data by submitting ciphertext with a forged or incorrect authentication tag, as the tag is not...

8.1CVSS5.8AI score0.00152EPSS

Exploits0References2

NVD•added 2026/04/10 4:17 a.m.•1 views

CVE-2026-5479

8.1CVSS0.00152EPSS

Exploits0References1

OSV•added 2026/04/10 4:17 a.m.•1 views

DEBIAN-CVE-2026-5479

8.1CVSS5.3AI score0.00152EPSS

Exploits0References1

ATTACKERKB•added 2026/04/10 2:38 a.m.•2 views

CVE-2026-5479

7.6CVSS5.9AI score0.00152EPSS

Exploits0References2

Vulnrichment•added 2026/04/10 2:38 a.m.•1 views

CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag

7.6CVSS5.8AI score0.00152EPSS

Exploits0References1

AlpineLinux•added 2026/04/10 2:38 a.m.•3 views

CVE-2026-5479

8.1CVSS5.3AI score0.00152EPSS

Exploits0

Cvelist•added 2026/04/10 2:38 a.m.•30 views

CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag

7.6CVSS0.00152EPSS

Exploits0References1

CVE•added 2026/04/10 2:38 a.m.•30 views

CVE-2026-5479

In wolfSSL, the ChaCha20-Poly1305 AEAD decryption path in the EVP layer (wolfSSL_EVP_CipherFinal and related finalization functions) fails to verify the authentication tag before returning plaintext. As a result, when using the EVP API to decrypt ChaCha20-Poly1305, the tag may be computed or acce...

8.1CVSS5.9AI score0.00152EPSS

Exploits0References1Affected Software1

Debian CVE•added 2026/04/10 2:38 a.m.•2 views

CVE-2026-5479

8.1CVSS5.3AI score0.00152EPSS

Exploits0

UbuntuCve•added 2026/04/10 12:0 a.m.•1 views

CVE-2026-5479

8.1CVSS5.8AI score0.00152EPSS

Exploits0References2

Positive Technologies•added 2026/04/10 12:0 a.m.•3 views

PT-2026-31863

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The software fails to verify the authentication tag during ChaCha20-Poly1305 AEAD decryption, potentially returning plaintext to the caller even with an invalid tag. This occurs in the EVP...

7.6CVSS5.8AI score0.00152EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by