Lucene search
K

25567 matches found

Cvelist
Cvelist
added 2026/02/06 8:7 p.m.27 views

CVE-2026-25636 calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to...

8.2CVSS0.00209EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2026/02/06 8:5 p.m.11 views

K000159887: OpenSSL vulnerability CVE-2025-9230

Security Advisory Description Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The...

7.5CVSS5.6AI score0.01744EPSS
Exploits0Affected Software3
OSV
OSV
added 2026/02/06 3:57 p.m.4 views

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

9.8CVSS6.4AI score0.47621EPSS
Exploits7References2
OSV
OSV
added 2026/02/06 3:57 p.m.7 views

OESA-2026-1310 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

9.8CVSS6.4AI score0.47621EPSS
Exploits7References2
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.6 views

Infor SyteLine ERP 安全漏洞

Infor SyteLine ERP is an enterprise resource planning platform developed by Infor Corporation in the United States. There is a security vulnerability in Infor SyteLine ERP, which stems from the use of hardcoded static encryption keys, potentially leading to the decryption of stored credentials...

7.8CVSS5.8AI score0.00097EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/05 9:14 p.m.7 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.4AI score0.00106EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/05 9:14 p.m.5 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2CVSS5.6AI score0.00106EPSS
Exploits0References2
CVE
CVE
added 2026/02/05 9:14 p.m.43 views

CVE-2026-25815

CVE-2026-25815 affects Fortinet FortiOS up to and including 7.6.6. The issue stems from an encryption weakness where the default LDAP encryption key is the same across all installations, enabling attackers to decrypt LDAP credentials stored in device configuration files. Exploitation was observed...

3.2CVSS5.4AI score0.00106EPSS
In wildExploits0References2
OSV
OSV
added 2026/02/05 5:16 p.m.4 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 5:16 p.m.7 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS0.00115EPSS
Exploits0References1
CVE
CVE
added 2026/02/05 4:58 p.m.21 views

CVE-2026-0714

CVE-2026-0714 (CISA/Red Hat context included) describes a physical-attack vulnerability in certain Moxa industrial computers running Moxa Industrial Linux 3 with TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU over an SPI bus. Exploitation requires invasive physical...

7CVSS5.3AI score0.00115EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/05 4:58 p.m.6 views

EUVD-2026-5533

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:58 p.m.7 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00222EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/05 4:58 p.m.5 views

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

7CVSS5.3AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/02/05 12:0 p.m.6 views

RUSTSEC-2026-0071 Nonce Reuse in HPKE Context

The sequence number that is used to compute the AEAD nonce when using a re-usable HPKE context is incremented after each seal or open operation. This sequence number was stored as a u32 and used regular addition on u32 for the increment, meaning in release mode it would silently wrap around to 0...

9.3CVSS5.8AI score
Exploits0References3
RustSec
RustSec
added 2026/02/05 12:0 p.m.7 views

Nonce Reuse in HPKE Context

The sequence number that is used to compute the AEAD nonce when using a re-usable HPKE context is incremented after each seal or open operation. This sequence number was stored as a u32 and used regular addition on u32 for the increment, meaning in release mode it would silently wrap around to 0...

5.8AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.8 views

PT-2026-6632

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions through 7.6.6 Description Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...

3.2CVSS5.5AI score0.00106EPSS
Exploits0References9
Amazon
Amazon
added 2026/02/05 12:0 a.m.8 views

Medium: containerd

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS6.7AI score0.01945EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.7 views

PT-2026-6598

Name of the Vulnerable Software and Affected Versions Moxa Industrial Linux 3 affected versions not specified Description A physical attack is possible on certain Moxa industrial computers utilizing TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU via an SPI bus...

7.2CVSS5.1AI score0.00115EPSS
Exploits0References24
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.10 views

Moxa Industrial Linux 安全漏洞

Moxa Industrial Linux is an industrial-grade Linux system developed by Moxa Corporation in Taiwan, China. Moxa Industrial Linux has a security vulnerability, which stems from the physical attack vulnerability present in LUKS full-disk encryption supported by TPM. This vulnerability could lead to...

7CVSS5.8AI score0.00222EPSS
Exploits0References1
Rows per page
Query Builder