CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Thunderbird

An attacker may carry out a DoS attack to prevent a user from sending encrypted emails to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self-signature, and the Thunderbird user imports the crafted key, then Thunderbird may attempt to use the inval...

6.5CVSS6.8AI score0.00427EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability in Thunderbird

OpenPGP secret keys that were imported using Thunderbird versions 78.8.1 up to 78.10.1 were stored unencrypted on the user’s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automaticall...

4.3CVSS5.5AI score0.0081EPSS

Exploits1References1

AstraLinux•added 2026/06/19 11:10 a.m.•2 views

Astra Linux – Vulnerability in opensc

A heap-based buffer overflow vulnerability was discovered in the libopensc OpenPGP driver. A specially crafted USB device or smart card, containing malicious responses to APDUs during the card enrollment process using the pkcs15-init tool, may lead to unauthorized access, potentially resulting in...

2.9CVSS7.2AI score0.0031EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•9 views

Astra Linux – Vulnerability in Thunderbird

Certain crafted MIME email messages that claimed to contain encrypted OpenPGP messages actually contained an OpenPGP-signed message. These messages were incorrectly displayed as encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

7CVSS5.9AI score0.00331EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in Thunderbird

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email, which was formatted and styled using HTML and CSS, the decrypted contents were displayed in a context where the CSS styles from the outer messages remained active. If...

4.3CVSS6.9AI score0.00159EPSS

OSV•added 2026/06/12 12:25 p.m.•9 views

OESA-2026-2637 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

5.7AI score

Fedora•added 2026/06/05 4:27 a.m.•25 views

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

OSV•added 2026/06/04 8:52 p.m.•4 views

ROOT-APP-NPM-CVE-2025-47934 CVE-2025-47934 in @rootio/openpgp - Patched by Root

Root has patched CVE-2025-47934 in the @rootio/openpgp package for Root:npm. Multiple fixed versions available...

8.7CVSS5.4AI score0.00642EPSS

Fedora•added 2026/05/27 1:27 a.m.•7 views

[SECURITY] Fedora 43 Update: rust-sequoia-openpgp-2.3.0-1.fc43

OpenPGP data types and associated machinery...

Fedora•added 2026/05/27 1:12 a.m.•9 views

[SECURITY] Fedora 42 Update: rust-sequoia-sop-0.37.3-3.fc42

An implementation of the Stateless OpenPGP Interface using Sequoia...

5.5CVSS5.8AI score0.00085EPSS

Fedora•added 2026/05/27 1:12 a.m.•7 views

[SECURITY] Fedora 42 Update: rust-sequoia-openpgp-2.3.0-1.fc42

OpenPGP data types and associated machinery...

5.5CVSS5.8AI score0.00085EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•8 views

Fedora 43 : rust-rpm-sequoia / rust-sequoia-chameleon-gnupg / rust-sequoia-git / etc (2026-38d57d2e7a)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-38d57d2e7a advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...

Tenable Nessus•added 2026/05/27 12:0 a.m.•6 views

Exploits0References3

Fedora 42 : rust-rpm-sequoia / rust-sequoia-chameleon-gnupg / rust-sequoia-git / etc (2026-8df732be8a)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-8df732be8a advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...

5.5CVSS5.8AI score0.00085EPSS

Exploits0References4

OSV•added 2026/05/22 12:0 a.m.•5 views

UBUNTU-CVE-2026-42784

openpgp: Dont imply missing key flags from key type...

UbuntuCve•added 2026/05/22 12:0 a.m.•10 views

CVE-2026-42784

openpgp: Dont imply missing key flags from key type...

Tenable Nessus•added 2026/05/22 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42783 Note that Nessus relies on the...

Tenable Nessus•added 2026/05/22 12:0 a.m.•12 views

Exploits0References3

Linux Distros Unpatched Vulnerability : CVE-2026-42784

UbuntuCve•added 2026/05/21 12:0 a.m.•11 views

Exploits0References3

CVE-2026-42783

openpgp: Dont imply missing key flags from key type...