CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

7CVSS0.00146EPSS

Exploits0References3

Cvelist•added 2025/03/10 6:41 p.m.•11 views

CVE-2025-26696 Crafted email message incorrectly shown as being encrypted

0.00146EPSS

Exploits0References3

Debian CVE•added 2025/03/10 6:41 p.m.•12 views

CVE-2025-26696

7CVSS6.2AI score0.00146EPSS

Exploits0

CVE•added 2025/03/10 6:41 p.m.•87 views

CVE-2025-26696

CVE-2025-26696 affects Mozilla Thunderbird and is triggered by certain crafted MIME messages that claim to contain an encrypted OpenPGP message but actually contain an OpenPGP signed message, causing the UI to mis-display the content as encrypted. Public references in connected documents corrobor...

7CVSS6.5AI score0.00146EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2025/02/13 12:0 a.m.•2 views

PT-2025-10626 · Mozilla +5 · Thunderbird +5

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 136 Thunderbird versions prior to 128.8 Description: The issue arises from certain crafted MIME email messages that claim to contain an encrypted OpenPGP message but actually contain an OpenPGP signed message,...

9.8CVSS5.1AI score0.29275EPSS

Exploits3References290

Debian•added 2024/11/15 9:47 p.m.•7 views

[SECURITY] [DSA 5814-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5814-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2024 https://www.debian.org/security/faq -...

5.3CVSS6.2AI score0.00127EPSS

Exploits0

OSV•added 2023/04/15 7:3 p.m.•7 views

MGASA-2023-0147 Updated thunderbird packages fix security vulnerability

Fullscreen notification obscured. CVE-2023-29533 Double-free in libwebp. MFSA-TMP-2023-0001 Potential Memory Corruption following Garbage Collector compaction. CVE-2023-29535 Invalid free from JavaScript code. CVE-2023-29536 Revocation status of S/Mime recipient certificates was not checked...

8.8CVSS7.4AI score0.00338EPSS

Exploits0References4

Github Security Blog•added 2022/05/24 4:46 p.m.•36 views

Golang/x/crypto message forgery vulnerability

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

5.9CVSS5.4AI score0.00397EPSS

Exploits2References12Affected Software1

Cvelist•added 2019/05/22 12:0 a.m.•22 views

CVE-2019-11841

6.2AI score0.00397EPSS

Exploits2References7

Tenable Nessus•added 2016/02/22 12:0 a.m.•34 views

F5 Networks BIG-IP : GnuPG vulnerability (SOL40131068)

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service infinite recursion via a crafted OpenPGP message. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5...

5CVSS7.8AI score0.04702EPSS

Exploits0References2

Tenable Nessus•added 2015/01/19 12:0 a.m.•27 views

Oracle Solaris Third-Party Patch Update : gnupg (cve_2013_4351_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates : - GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended...

5.8CVSS7.8AI score0.04702EPSS

Exploits0References5

OSV•added 2013/10/28 10:55 p.m.•2 views

DEBIAN-CVE-2013-4402