CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

273 matches found

Vulnrichment•added 2026/03/20 5:25 a.m.•2 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.5AI score0.00192EPSS

Exploits1References2

NVD•added 2026/03/05 10:16 p.m.•4 views

CVE-2026-28479

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be...

9.1CVSS0.00019EPSS

Exploits0References3

SUSE Linux•added 2026/03/05 3:17 p.m.•6 views

Security update for gnutls

This update for gnutls fixes the following issues: Security issue: CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names bsc1257960. Other updates and bugfixes: update...

6.9CVSS5.9AI score0.00059EPSS

Exploits1References10

OSV•added 2026/02/19 7:41 p.m.•4 views

GHSA-FH3F-Q9QW-93J9 OpenClaw replaced a deprecated sandbox hash algorithm

Affected Packages / Versions - npm package: openclaw - Affected versions: = 2026.2.14 - Fixed version pre-set: 2026.2.15 Description The sandbox identifier cache key for Docker/browser sandbox configuration used SHA-1 to hash normalized configuration payloads. SHA-1 is deprecated for cryptographi...

8.7CVSS5.7AI score0.00019EPSS

Exploits0References6

Github Security Blog•added 2026/02/19 7:41 p.m.•5 views

OpenClaw replaced a deprecated sandbox hash algorithm

9.1CVSS5.7AI score0.00019EPSS

Exploits0References6Affected Software1

OSV•added 2026/02/17 6:9 p.m.•1 views

GO-2026-4434 EVE Seals Vault Key With SHA1 PCRs in github.com/lf-edge/eve

EVE Seals Vault Key With SHA1 PCRs in github.com/lf-edge/eve...

8.8CVSS5.4AI score0.00014EPSS

Exploits0References4

OSV•added 2026/02/04 8:43 p.m.•2 views

GHSA-PHCG-H58R-GMCQ EVE Doesn't Measure Config Partition From 2 Fronts

Impact PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk...

5.2CVSS5.5AI score0.00011EPSS

Exploits0References7

Packet Storm News•added 2026/01/29 12:0 a.m.•3 views

Libgcrypt 1.12.0

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

6AI score

Exploits0

Tenable Nessus•added 2026/01/16 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001027)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001027 advisory. The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel...

4.9CVSS6.5AI score0.00078EPSS

Exploits0References10

OSV•added 2026/01/13 7:26 p.m.•1 views

CVE-2025-68702 Jervis has a SHA-256 Hex String Padding Bug

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00023EPSS

Exploits0References4

Tenable Nessus•added 2026/01/13 12:0 a.m.•2 views

MiracleLinux 8 : kernel-4.18.0-553.66.1.el8_10 (AXSA:2025-10755:54)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10755:54 advisory. kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: memstick: rtsxusbms: Fix slab-use-after-free in...

7.8CVSS6.9AI score0.00082EPSS

Exploits0References7

Positive Technologies•added 2025/12/10 12:0 a.m.•2 views

PT-2025-50524

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

8.6CVSS7.2AI score0.00439EPSS

Exploits1References8

Github Security Blog•added 2025/12/04 5:24 p.m.•5 views

libcrux incorrectly calculates on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

7AI score

Exploits0References5Affected Software3