
97 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in ceph

An authentication flaw was discovered in Ceph versions prior to 14.2.20. When the monitor processes CEPHX_GET_AUTH_SESSION_KEY requests, it does not sanitize other_keys, allowing for key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id that has...

7.2 CVSS | 6.6 AI score | 0.00195 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/21 11:38 p.m. | 25 views

CVE-2026-41131 OpenFGA has Improper Policy Enforcement

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...

5 CVSS | 0.00046 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/04/15 10:16 a.m. | 1 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3 CVSS | 5.7 AI score | 0.00004 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2026/04/07 4:37 a.m. | 86 views

Exploit for CVE-2025-1242

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03 https:/...

9.3 CVSS | 7.5 AI score | 0.00086 EPSS
Exploits: 2

OSV
added 2026/03/20 9:5 a.m. | 0 views

BIT-CEPH-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

7.2 CVSS | 6.7 AI score | 0.00195 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2026/02/12 9:13 a.m. | 4 views

CVE-2026-26014

A vulnerability has been identified in the Pion DTLS implementation where the use of random nonce generation with AES-GCM ciphers does not adhere to recommended cryptographic practices. Under certain conditions, this may allow remote attackers to more easily derive or reuse encryption...

5.9 CVSS | 5.5 AI score | 0.00059 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2026/01/29 3:26 a.m. | 5 views

CVE-2026-24785

Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/01/28 12:0 a.m. | 4 views

Clatter encryption issue vulnerabilities

Clatter is a Rust library developed by Joni Lepistö. Versions of Clatter prior to 2.2.0 had an encryption-related vulnerability. This vulnerability stemmed from a handshake mode that allowed violations of PSK validity rules, potentially leading to key reuse...

9.3 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2025/11/25 12:0 a.m. | 1 views

Hey There! You Are Using WhatsApp: Enumerating Three Billion Accounts for Security and Privacy

WhatsApp, with 3.5 billion active accounts as of early 2025, is the world's largest instant messaging platform. Given its massive user base, WhatsApp plays a critical role in global communication. To initiate conversations, users must first discover whether their contacts are registered on the...

6.8 AI score
Exploits: 0

NVD
added 2025/11/21 10:16 p.m. | 2 views

CVE-2025-11935

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share...

7.5 CVSS | 0.00013 EPSS
Exploits: 0 | References: 2

Debian CVE
added 2025/11/21 10:4 p.m. | 4 views

CVE-2025-11935

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share...

7.5 CVSS | 5.4 AI score | 0.00013 EPSS
Exploits: 0

Veracode
added 2025/11/11 6:44 a.m. | 4 views

Cache Poisoning

get-jwks is vulnerable to cache poisoning. The vulnerability is due to a design flaw where the iss (issuer) claim may be validated only after keys are retrieved from a shared JWKS cache, which allows an attacker to push a chosen public key into the cache with one crafted JWT and then reuse that...

9.4 CVSS | 9 AI score | 0.00063 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-2710

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.02731 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-17159

Malware in sbrugna...

5.9 CVSS | 5.9 AI score | 0.01072 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-27306

Malware in sbrugna...

10 CVSS | 9.3 AI score | 0.07643 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/10/04 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the blk_crypto_evict_key function failing to unlink a key from the key slot management structure upon failure,...

5.6 AI score | 0.00017 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-13235

Malicious code in bioql PyPI...

8.8 CVSS | 6.3 AI score | 0.01746 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-30910

Malicious code in bioql PyPI...

4.6 CVSS | 5.2 AI score | 0.002 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54052

Malicious code in bioql PyPI...

8.8 CVSS | 6.6 AI score | 0.00047 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-33186

Malicious code in bioql PyPI...

9.8 CVSS | 9.2 AI score | 0.0271 EPSS
Exploits: 0 | References: 2