
25566 matches found

RedhatCVE
added 2026/02/15 1:19 a.m. | 12 views

CVE-2026-26334

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

CVSS 8.5 | AI score 5.6 | EPSS 0.00087
Exploits 0 | References 1

NVD
added 2026/02/14 3:16 p.m. | 10 views

CVE-2026-23114

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems. When SVE is supported but SME is not supported, a ptrace write to the NT_ARM_SVE regset can place the tracee into an invalid state where non-streaming SVE register data is stored...

CVSS 5.5 | EPSS 0.001
Exploits 0 | References 2

Cvelist
added 2026/02/14 3:09 p.m. | 29 views

CVE-2026-23114 arm64/fpsimd: ptrace: Fix SVE writes on !SME systems

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems. When SVE is supported but SME is not supported, a ptrace write to the NT_ARM_SVE regset can place the tracee into an invalid state where non-streaming SVE register data is stored...

EPSS 0.001
Exploits 0 | References 2

ATTACKERKB
added 2026/02/14 3:09 p.m. | 5 views

CVE-2026-23114

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fix SVE writes on !SME systems. When SVE is supported but SME is not supported, a ptrace write to the NT_ARM_SVE regset can place the tracee into an invalid state where non-streaming SVE register data is stored...

AI score 5.3 | EPSS 0.001
Exploits 0 | References 3 | Affected Software 1

RedhatCVE
added 2026/02/14 1:27 a.m. | 7 views

CVE-2026-25922

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | AI score 5.5 | EPSS 0.00166
Exploits 0 | References 1

NVD
added 2026/02/13 9:16 p.m. | 4 views

CVE-2026-26334

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

CVSS 8.5 | EPSS 0.00087
Exploits 0 | References 2

GitHub Security Blog
added 2026/02/13 8:55 p.m. | 10 views

rPGP's integrity protection of encrypted data was not always checked

Summary: For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details: When decrypting SEIPD (Symmetrically Encrypted and Integrity Protected Data Packet), rPGP previously did not under all circumstances report the absence of valid...

AI score 5.5
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/02/13 8:53 p.m. | 3 views

CVE-2026-26334

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

CVSS 8.5 | AI score 5.6 | EPSS 0.00087
Exploits 0 | References 3

Cvelist
added 2026/02/13 8:53 p.m. | 22 views

CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

CVSS 8.5 | EPSS 0.00087
Exploits 0 | References 2

Vulnrichment
added 2026/02/13 8:53 p.m. | 6 views

CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials

Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...

CVSS 8.5 | AI score 5.6 | EPSS 0.00087
Exploits 0 | References 2

CNNVD
added 2026/02/13 12:00 a.m. | 6 views

Calero VeraSMART Trust Management Issue Vulnerability

Calero VeraSMART is a telephone billing software developed by the American company Calero. Versions of Calero VeraSMART prior to 2026 R1 contained a trust management vulnerability. This vulnerability stemmed from the hardcoded static AES encryption key contained in the Veramark.Framework.dll, whi...

CVSS 8.5 | AI score 5.8 | EPSS 0.00087
Exploits 0 | References 2

Positive Technologies
added 2026/02/13 12:00 a.m. | 5 views

PT-2026-8031

Name of the Vulnerable Software and Affected Versions: Calero VeraSMART versions prior to 2026 R1. Description: The software contains hardcoded static AES encryption keys within the Veramark.Framework.dll module, specifically in the Veramark.Core.Config class. These keys are used to encrypt the...

CVSS 8.5 | AI score 5.5 | EPSS 0.00087
Exploits 0 | References 5

Tenable Nessus
added 2026/02/13 12:00 a.m. | 5 views

RHEL 8 : kernel (RHSA-2026:2664)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2664 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cifs: fix oops during encrypti...

CVSS 5.5 | AI score 7.9 | EPSS 0.00211
Exploits 0 | References 23

CNNVD
added 2026/02/13 12:00 a.m. | 8 views

MetaCPAN WWW::OAuth Security Vulnerability

MetaCPAN WWW::OAuth is a Perl authentication library developed by the MetaCPAN Foundation. Versions of MetaCPAN WWW::OAuth 1.000 and earlier contained a security vulnerability. This vulnerability stemmed from using the rand function as the default entropy source for encryption functions, which is...

CVSS 7.3 | AI score 5.8 | EPSS 0.00255
Exploits 0 | References 4

Debian
added 2026/02/12 7:46 p.m. | 10 views

[SECURITY] [DSA 6131-1] nginx security update

Debian Security Advisory DSA-6131-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq ...

CVSS 8.2 | AI score 5.5 | EPSS 0.00339
Exploits 0

Cvelist
added 2026/02/12 7:38 p.m. | 32 views

CVE-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | EPSS 0.00166
Exploits 0 | References 4

Vulnrichment
added 2026/02/12 7:38 p.m. | 5 views

CVE-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | AI score 5.6 | EPSS 0.00166
Exploits 0 | References 4

ATTACKERKB
added 2026/02/12 7:38 p.m. | 4 views

CVE-2026-25922

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS 8.8 | AI score 5.4 | EPSS 0.00166
Exploits 0 | References 5 | Affected Software 1

CVE
added 2026/02/12 7:38 p.m. | 28 views

CVE-2026-25922

The vulnerability CVE-2026-25922 affects authentik (open-source identity provider) prior to versions 2025.8.6, 2025.10.4, and 2025.12.4. When a SAML Source has Verify Assertion Signature enabled and not Verify Response Signature, or when Encryption Certificate is not configured under Advanced Pro...

CVSS 8.8 | AI score 5.4 | EPSS 0.00166
Exploits 0 | References 4 | Affected Software 1

RedHat Linux
added 2026/02/12 3:15 p.m. | 5 views

kernel: cifs: fix oops during encryption

An out-of-bounds memory access vulnerability exists in the Linux kernel, such that a stack-allocated buffer backed by vmalloc was passed into crypto code scatterwalk_map_and_copy → memcpy where a cross-page write occurred. This ended up hitting a read-only mapping, causing a page-level fault and...

CVSS 5.5 | AI score 7.5 | EPSS 0.00096
Exploits 0 | References 5