Lucene search
K

19620 matches found

CVE
CVE
added yesterday6 views

CVE-2026-42546

OP-TEE (Trusted Execution Environment for Arm TrustZone) prior to version 4.11.0 contains a resource leak in the shared memory cleanup path. Specifically, cleanup_shm_refs() in core/tee/entry_std.c fails to apply the OPTEE_MSG_ATTR_TYPE_MASK to parameter attributes when processing non-contiguous ...

3.8CVSS6AI score
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

2.5CVSS6AI score
Exploits1References2Affected Software1
CVE
CVE
added yesterday5 views

CVE-2026-41516

OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) contains a vulnerability in the Hisilicon HPRE PKCS#1 v1.5 RSA decryption path. From version 4.5.0 up to, but not including, 4.11.0, the RSA PKCS#1 v1.5 decryption implementation uses non-constant-time memcmp() for label hash verif...

3.3CVSS6AI score
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-41515

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses...

2.5CVSS6AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-41515

OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) has a vulnerability in the RSA-OAEP decryption path within the NXP CAAM crypto driver. From version 3.9.0 up to, but not including, 4.11.0, the driver uses non-constant-time memcmp() for label hash verification, exposing a Manger-s...

3.3CVSS6AI score
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-41514

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS6AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday27 views

CVE-2026-41514 OP-TEE: RSA-OAEP padding oracle in Hisilicon HPRE driver enables plaintext recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS
Exploits0References1
Debian CVE
Debian CVE
added yesterday4 views

CVE-2026-41514

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS6AI score
Exploits0
NVD
NVD
added yesterday6 views

CVE-2026-41434

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...

3.3CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-41434 OP-TEE has unbounded recursion in sanitize_client_object()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...

3.3CVSS
Exploits0References1
Debian CVE
Debian CVE
added yesterday4 views

CVE-2026-41434

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...

3.3CVSS6AI score
Exploits0
Cvelist
Cvelist
added yesterday33 views

CVE-2026-40257 OP-TEE has SHA-3 accelerated finalize heap overflow

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-40257

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.21.0 and prior to version 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one erro...

5.5CVSS6AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday32 views

CVE-2026-59195 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS
Exploits1References1
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-55180

A flaw was found in pnpm and pacquet. A malicious repository could exploit this vulnerability by crafting specific .npmrc or pnpm-workspace.yaml files. When these package managers process these files, they improperly expand environment variable placeholders, leading to the disclosure of sensitive...

6.5CVSS5.8AI score0.00212EPSS
Exploits1References4
NVD
NVD
added yesterday7 views

CVE-2026-55994

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-55994

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

6AI score0.00152EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41850

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS6AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-41837

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

7.5CVSS6AI score0.0024EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-46726

Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...

7.5CVSS6AI score0.0024EPSS
Exploits0References2
Rows per page
Query Builder