
19 matches found

OSV
added 2026/04/14 1:10 p.m. | 0 views

JLSEC-2026-114 Deno node:crypto doesn't finalize cipher

Summary: The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC (js): import crypto from "node:crypto"; const key = crypto.randomBytes(32); const iv =...

CVSS 9.2 | AI score 5.8 | EPSS 0.0001
Exploits: 1 | References: 4
SUSE CVE
added 2026/01/17 12:24 a.m. | 1 view

SUSE CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 6.9 | EPSS 0.0001
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/16 11:31 p.m. | 2 views

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 6.8 | EPSS 0.0001
Exploits: 1 | References: 1
Github Security Blog
added 2026/01/16 3:49 p.m. | 7 views

Deno node:crypto doesn't finalize cipher

Summary: The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC (js): import crypto from "node:crypto"; const key = crypto.randomBytes(32); const iv =...

CVSS 9.2 | AI score 7 | EPSS 0.0001
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/01/16 3:49 p.m. | 6 views

GHSA-5379-F5HF-W38V Deno node:crypto doesn't finalize cipher

Summary: The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC (js): import crypto from "node:crypto"; const key = crypto.randomBytes(32); const iv =...

CVSS 9.2 | AI score 6.8 | EPSS 0.0001
Exploits: 1 | References: 4
NVD
added 2026/01/15 11:15 p.m. | 4 views

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | EPSS 0.0001
Exploits: 1 | References: 2
Cvelist
added 2026/01/15 10:53 p.m. | 21 views

CVE-2026-22863 Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | EPSS 0.0001
Exploits: 1 | References: 2
CVE
added 2026/01/15 10:53 p.m. | 11 views

CVE-2026-22863

Deno before 2.6.0 is affected: node:crypto does not finalize the cipher, enabling an attacker to generate an unlimited number of encryptions and potentially mount brute‑force/secret‑learning attempts. The issue impacts cryptographic operations that could reveal server secrets; exploitation is des...

CVSS 9.2 | AI score 6.5 | EPSS 0.0001
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/01/15 10:53 p.m. | 2 views

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 5.6 | EPSS 0.0001
Exploits: 1 | References: 3 | Affected Software: 1
AlpineLinux
added 2026/01/15 10:53 p.m. | 4 views

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 6.9 | EPSS 0.0001
Exploits: 1 | References: 2
OSV
added 2026/01/15 10:53 p.m. | 3 views

CVE-2026-22863 Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 6.7 | EPSS 0.0001
Exploits: 1 | References: 4
Vulnrichment
added 2026/01/15 10:53 p.m. | 1 view

CVE-2026-22863 Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 6.5 | EPSS 0.0001
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/15 12:0 a.m. | 2 views

PT-2026-3145

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.6.0 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. A flaw in the node:crypto polyfill allows cryptographic handles to persist beyond their intended lifespan. This results in the possibility of...

CVSS 9.2 | AI score 5.3 | EPSS 0.0001
Exploits: 1 | References: 16
RedHat Linux
added 2025/05/13 1:53 p.m. | 1 view

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

CVSS 8.7 | AI score 6.8 | EPSS 0.00101
Exploits: 0 | References: 7
Talos Blog
added 2023/03/17 7:52 p.m. | 24 views

Threat Roundup for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

AI score 7.1
Exploits: 0
ThreatPost
added 2018/10/23 4:0 p.m. | 568 views

StrongPity APT Changes Tactics to Stay Stealthy

The APT group behind the sophisticated malware known as StrongPity a.k.a. Promethium has changed its tactics, after various research groups analyzed the malware and exposed its methods of deployment. The efforts have allowed the group to return to hidden status, even after being labeled a known...

AI score 7.2
Exploits: 0 | References: 6
Kitploit
added 2017/08/23 9:41 p.m. | 56 views

Posh-SSH - PowerShell Module for automating tasks on remote systems using SSH

Windows Powershell module that leverages a custom version of the SSH.NET Library http://sshnet.codeplex.com/ to provide basic SSH functionality in Powershell. The main purpose of the module is to facilitate automating actions against one or multiple SSH enabled servers. This module is for Windows...

AI score 7.7
Exploits: 0 | References: 1
Vulnerability Lab
added 2011/06/11 12:0 a.m. | 10 views

Basic Codebreaking Lesson - Number, ENIGMA, ROT13

Document Title: =============== Basic Codebreaking Lesson - Number, ENIGMA, ROT13 References: =========== Download: http://www.vulnerability-lab.com/resources/videos/13.wmv View: http://www.youtube.com/watch?v=jOsYWvWTBA Release Date: ============= 2011-06-11 Vulnerability Laboratory ID VL-ID:...

AI score 7.4
Exploits: 0
OSV
added 2009/08/31 8:30 p.m. | 6 views

CVE-2009-3026

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...

AI score 6.5
Exploits: 0 | References: 9