CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

56136 matches found

vulnersOsv•added 2026/04/15 10:13 a.m.•4 views

org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk14 (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk14 MAVEN version =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075255...

6.3CVSS5.8AI score0.00013EPSS

Exploits0

Snyk•added 2026/04/15 10:13 a.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

8.7CVSS5.7AI score0.00019EPSS

Exploits0References2

Vulnrichment•added 2026/04/15 9:6 a.m.•0 views

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References2

Cvelist•added 2026/04/15 9:6 a.m.•27 views

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

8.7CVSS0.00019EPSS

Exploits0References2

Debian CVE•added 2026/04/15 9:6 a.m.•5 views

CVE-2026-3505

8.7CVSS5.8AI score0.00019EPSS

Exploits0

ATTACKERKB•added 2026/04/15 9:6 a.m.•3 views

CVE-2026-3505

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3Affected Software1

CVE•added 2026/04/15 9:6 a.m.•16 views

CVE-2026-3505

CVE-2026-3505 describes an Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle BC-JAVA bcpg modules. The issue affects the BC-JAVA package (all pg modules) and is tied to specific code paths including AEADEncDataPacket.java, BcAEADUtil.java, JceAEADUtil.java, and Operat...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References2

ATTACKERKB•added 2026/04/15 9:6 a.m.•0 views

CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

6.3CVSS5.8AI score0.00013EPSS

Exploits0References3Affected Software3

CVE•added 2026/04/15 9:6 a.m.•30 views

CVE-2026-5588

CVE-2026-5588 is a PKIX validation flaw in the Bouncy Castle libraries (BC-JAVA, BCPKIX-FIPS, BCPIX-LTS) where CompositeVerifier could accept an empty signature sequence. Affects BC-JAVA 1.67–1.83 (fixed in 1.84); BCPKIX-FIPS 2.0.6–2.0.10 (fixed in 2.0.11) and 2.1.7–2.1.10 (fixed in 2.1.11); BCPI...

6.3CVSS5.8AI score0.00013EPSS

Exploits0References2

Vulnrichment•added 2026/04/15 9:6 a.m.•0 views

CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid.

6.3CVSS5.8AI score0.00013EPSS

Exploits0References2

Cvelist•added 2026/04/15 9:6 a.m.•27 views

CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid.

6.3CVSS0.00013EPSS

Exploits0References2

Debian CVE•added 2026/04/15 9:6 a.m.•5 views

CVE-2026-5588

6.3CVSS5.8AI score0.00013EPSS

Exploits0

Cvelist•added 2026/04/15 9:5 a.m.•24 views

CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

9.9CVSS0.00022EPSS

Exploits0References3

ATTACKERKB•added 2026/04/15 9:5 a.m.•1 views

CVE-2026-5598

9.9CVSS5.8AI score0.00022EPSS

Exploits0References5Affected Software1

Debian CVE•added 2026/04/15 9:5 a.m.•3 views

CVE-2026-5598

9.9CVSS5.8AI score0.00022EPSS

Exploits0

CVE•added 2026/04/15 9:5 a.m.•10 views

CVE-2026-5598

CVE-2026-5598 affects BC-JAVA (Legion of the BC) where non-constant time comparisons in FrodoKEM can create a covert timing channel that risks private-key leakage. Affected line: BC-JAVA from 2.17.3 before 1.84. The issue is rated as CRITICAL (CVSSv4-like metrics shown: NETWORK, LOW ATTACK, no us...

9.9CVSS5.8AI score0.00022EPSS

Exploits0References3

Vulnrichment•added 2026/04/15 9:5 a.m.•0 views

CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.

9.9CVSS5.8AI score0.00022EPSS

Exploits0References3

Debian CVE•added 2026/04/15 8:59 a.m.•6 views

CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

6.9CVSS5.8AI score0.00022EPSS

Exploits0

CVE•added 2026/04/15 8:59 a.m.•14 views

CVE-2026-0636

CVE-2026-0636 affects BC-JAVA:bcprov libraries from Legion of the Bouncy Castle Inc. Affected versions are 1.49 up to but not including 1.84. The issue is an LDAP injection in LDAPStoreHelper.java caused by improper neutralization of special LDAP query elements. This results in a high-impact vuln...

6.9CVSS5.8AI score0.00022EPSS

Exploits0References2

Cvelist•added 2026/04/15 8:59 a.m.•24 views

CVE-2026-0636 LDAP Injection Vulnerability in LDAPStoreHelper.java

6.9CVSS0.00022EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by