Lucene search
K

1338 matches found

NVD
NVD
added 2026/06/20 7:16 p.m.12 views

CVE-2026-56346

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

6.9CVSS0.00392EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.9 views

CVE-2026-56346

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 6:27 p.m.22 views

CVE-2026-56346

CVE-2026-56346 affects AVideo up to version 25.0, with an authentication bypass in the decryptMessage.json.php endpoint that lets unauthenticated users decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to trigger server-side decryption without credentials...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Thunderbird

When receiving an email message signed with OpenPGP/MIME and containing an additional outer MIME message layer, such as a message footer added by a mailing list gateway, Thunderbird only considers the signed inner message for signature validity. This creates the false impression that the addition...

6.5CVSS6.6AI score0.00432EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Thunderbird

If a MIME-encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only certain parts of the message are protected. This vulnerability affects Thunderbird versions earlier than 78.10.2...

4.3CVSS5.5AI score0.0094EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Thunderbird

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used, which could allow a network observer to determine the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

5.3CVSS5.5AI score0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in libgcrypt20

The ElGamal implementation in Libgcrypt before version 1.9.4 allows plaintext recovery. This occurs because, during interaction between two cryptographic libraries, a dangerous combination of elements arises—specifically, the prime number defined by the receiver’s public key, the generator define...

5.9CVSS6.6AI score0.01423EPSS
Exploits1References2
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2636 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/12 12:25 p.m.6 views

OESA-2026-2635 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2634 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

6.5CVSS5.9AI score0.00399EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1798 advisory. A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffe...

7.8CVSS6AI score0.00399EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

TencentOS Server 4: libsolv (TSSA-2026:0423)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0423 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.7AI score
Exploits0References2
Fedora
Fedora
added 2026/06/05 4:27 a.m.18 views

[SECURITY] Fedora 44 Update: rust-sequoia-wot-0.15.2-1.fc44

An implementation of OpenPGP's web of trust...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/06/05 4:9 a.m.16 views

[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-4.fc43

An implementation of the Stateless OpenPGP Interface using Sequoia...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/27 1:27 a.m.12 views

[SECURITY] Fedora 43 Update: rust-sequoia-sqv-1.3.0-6.fc43

A simple OpenPGP signature verification program...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/27 1:12 a.m.13 views

[SECURITY] Fedora 42 Update: rust-sequoia-sqv-1.3.0-6.fc42

A simple OpenPGP signature verification program...

5.5CVSS5.8AI score0.00085EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux - уязвимость в thunderbird

Thunderbird unprotects a secret OpenPGP key before using it for decryption, signing, or key import tasks. If the task fails, the secret key may remain in memory in an unprotected state. This vulnerability affects Thunderbird versions earlier than 78.8.1...

7.5CVSS6.9AI score0.00853EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Thunderbird

If a Thunderbird user has previously imported Alice’s OpenPGP key, and Alice has extended the validity period of her key, but Alice’s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice’s key with an invalid subkey. In this case, Thunderbird...

6.8CVSS6.6AI score0.01035EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.16 views

bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References5
Fedora
Fedora
added 2026/05/15 2:34 a.m.14 views

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-3.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

5.8AI score
Exploits0
Rows per page
Query Builder