CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

CVE-2026-48930

A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

9.8CVSS6AI score0.0038EPSS

Exploits0References6

NVD•added 2026/05/17 7:16 p.m.•19 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS0.00447EPSS

Exploits0References2

OSV•added 2026/05/17 7:16 p.m.•9 views

UBUNTU-CVE-2026-8721

9.8CVSS5.9AI score0.00447EPSS

Exploits0References9

UbuntuCve•added 2026/05/17 7:16 p.m.•9 views

CVE-2026-8721

9.8CVSS5.9AI score0.00447EPSS

Exploits0References8

Vulnrichment•added 2026/05/17 6:51 p.m.•7 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

5.9AI score0.00447EPSS

Exploits0References1

EUVD•added 2026/05/17 6:51 p.m.•14 views

EUVD-2026-30707

5.9AI score0.00447EPSS

Exploits0References1

ATTACKERKB•added 2026/05/17 6:51 p.m.•6 views

CVE-2026-8721

9.8CVSS5.9AI score0.00447EPSS

Exploits0References2

CVE•added 2026/05/17 6:51 p.m.•28 views

CVE-2026-8721

CVE-2026-8721 affects Crypt::OpenSSL::PKCS12 for Perl up to version 1.94. The root cause is that PKCS12.xs passes password data as char* through Perl’s typemap, discarding length, and the C/OpenSSL code calls strlen() on the buffer, causing any password byte at or after the first NULL to be silen...

9.8CVSS5.9AI score0.00447EPSS

Exploits0References2

Cvelist•added 2026/05/17 6:51 p.m.•42 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

0.00447EPSS

Exploits0References1

Tenable Nessus•added 2026/05/17 12:0 a.m.•12 views

Linux Distros Unpatched Vulnerability : CVE-2026-8721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes...

9.8CVSS5.6AI score0.00447EPSS

Exploits0References3

Positive Technologies•added 2026/05/17 12:0 a.m.•12 views

PT-2026-41583

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::PKCS12 versions prior to 1.95 Description The software truncates passwords containing embedded NULL characters. In the PKCS12.xs file, password parameters are declared as char , which utilizes Perl's default typemap SvPV nolen,...

9.8CVSS5.8AI score0.00447EPSS

Exploits0References9

Positive Technologies•added 2026/05/11 12:0 a.m.•16 views

PT-2026-39719

Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description jq accepts embedded NUL bytes in import paths at the jq-language level, but subsequently resolves those paths using C string operations during module and data-file lookup. This results in a mismatch...

7.3CVSS5.9AI score0.00158EPSS

Exploits5References38

Vulnrichment•added 2026/05/01 4:1 p.m.•4 views

CVE-2026-23863

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...

6.5CVSS5.8AI score0.00528EPSS

Exploits0References2

Hacker One•added 2026/04/07 7:53 p.m.•7 views

Node.js: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings

Vulnerability description not provided...

9.8CVSS5.8AI score0.0038EPSS

Exploits0

OSV•added 2024/06/27 3:52 p.m.•9 views

USN-5615-3 sqlite3 vulnerability

USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. Original advisory details: It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash...

7.5CVSS7AI score0.00894EPSS

Exploits0References2

SUSE CVE•added 2023/02/15 4:5 a.m.•4 views

SUSE CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

5.4CVSS8.8AI score0.03244EPSS

Exploits0References80

OSV•added 2022/09/15 4:53 p.m.•5 views

USN-5615-1 sqlite3 vulnerabilities

It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-35525 It was discovered that SQLite incorrectly handled ALTER TABLE for views that...

9.8CVSS7AI score0.01029EPSS

Exploits0References4

CNNVD•added 2022/08/25 12:0 a.m.•3 views

编号撤回

SQLite is a lightweight database that is an ACID-compliant relational database management system. SQLite has a security vulnerability that stems from the fts5UnicodeTokenize function of its ext/fts5/fts5tokenize.c component that handles unicode " control-characters" class Cc of the unicode61...

6.8AI score

Exploits0