CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

370 matches found

CVE-2026-8720

CVE-2026-8720 affects wolfSSL’s HMAC-BLAKE2 APIs introduced in version 5.9.0. When the input key length exceeds the BLAKE2 block size, the implementation reinitializes the running hash state in the key-hashing branch, discarding accumulated message data. As a result, the produced MAC may become i...

5.9CVSS5.9AI score

Exploits0References2

ATTACKERKB•added 4 hours ago•3 views

CVE-2026-12340

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...

6.3CVSS5.8AI score

Exploits0References3Affected Software1

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: virtionet: Added a check for hashkeylength. A check for hashkeylength was added in virtnetprobe to avoid possible out-of-bounds errors when setting/read the hash key...

7.1CVSS6.2AI score0.00236EPSS

Exploits0References2

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: libceph: Defined and enforced the CEPHMAXKEYLEN. When decoding the key, verify that the key material fits into a fixed-size buffer in processauthdone, and that its length is reasonable. The new CEPHMAXKEYLEN check replaces the...

9.8CVSS5.8AI score0.00502EPSS

Exploits0References1

AstraLinux•added 6 days ago•8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: ks7010 – potential buffer overflow in kswlansetencodeext. “exc-keylen” is a u16 value provided by the user. If this value exceeds IWENCODINGTOKENMAX 64, it could lead to memory corruption...

7.8CVSS5.6AI score0.00166EPSS

Exploits0References2

Tenable Nessus•added 2026/06/08 12:0 a.m.•7 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1784)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1784 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected...

10CVSS7AI score0.00466EPSS

Exploits0References28

Microsoft CVE•added 2026/05/29 8:6 a.m.•8 views

RDMA/mana: Validate rx_hash_key_len

...

7.8CVSS5.4AI score0.00138EPSS

Exploits0

NVD•added 2026/05/28 10:16 a.m.•11 views

CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7.8CVSS0.00138EPSS

Exploits0References5

OSV•added 2026/05/28 10:16 a.m.•4 views

UBUNTU-CVE-2026-46145

7.8CVSS5.8AI score0.00138EPSS

Exploits0References8

Cvelist•added 2026/05/28 9:36 a.m.•32 views

CVE-2026-46145 RDMA/mana: Validate rx_hash_key_len

7.8CVSS0.00138EPSS

Exploits0References5

Debian CVE•added 2026/05/28 9:36 a.m.•8 views

CVE-2026-46145

7.8CVSS5.8AI score0.00138EPSS

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the issue of loading RxGK tokens to check bounds. The rxrpcpreparsexdryfsrxgk function reads the raw key length and ticket length from the XDR token as u32 values. It rounds each value up by 4 before using the...

7.8CVSS5.7AI score0.0014EPSS

Exploits0References1

Snyk•added 2026/05/18 5:24 p.m.•8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the signing and verification logic before applying JWT.decode. An attacker can forge valid JWTs by supplying a crafted token that passes signature verification due to the acceptance of empty keys. Note: This i...

8.2CVSS5.8AI score0.00018EPSS

Exploits0References3

SUSE CVE•added 2026/05/13 3:35 a.m.•7 views

SUSE CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

9.8CVSS5.8AI score0.00502EPSS

Exploits0References3

EUVD•added 2026/05/08 3:31 p.m.•9 views

EUVD-2026-28574

5.8AI score0.00502EPSS

Exploits0References8

NVD•added 2026/05/08 2:16 p.m.•7 views

CVE-2026-43304

9.8CVSS0.00502EPSS

Exploits0References7

UbuntuCve•added 2026/05/08 2:16 p.m.•7 views

CVE-2026-43304

9.8CVSS5.8AI score0.00502EPSS

Exploits0References9

OSV•added 2026/05/08 2:16 p.m.•9 views

UBUNTU-CVE-2026-43304

9.8CVSS5.8AI score0.00502EPSS

Exploits0References10

Cvelist•added 2026/05/08 1:11 p.m.•27 views

CVE-2026-43304 libceph: define and enforce CEPH_MAX_KEY_LEN

9.8CVSS0.00502EPSS

Exploits0References7

CVE•added 2026/05/08 1:11 p.m.•28 views

CVE-2026-43304

CVE-2026-43304 affects the Linux kernel libceph component. The flaw arises when decoding key material in process_auth_done(), where the code failed to enforce an upper bound on key length. The fix defines and enforces CEPH_MAX_KEY_LEN and clamps key material to a fixed-size buffer, addressing a v...

9.8CVSS5.8AI score0.00502EPSS

Exploits0References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by