CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•6 views

CVE-2026-55599

phpseclib (versions 0.1.1 through 1.0.30, 2.0.55, and 3.0.54) vulnerability: X509::validateSignature() reads a URL from the certificate's Authority Information Access extension and connects to it, enabling an attacker supplying a cert to fully control the outbound connection (host, port, path). T...

5.8CVSS5.9AI score0.00128EPSS

Cvelist•added 2 days ago•17 views

CVE-2026-55599 phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access

5.8CVSS0.00128EPSS

Debian CVE•added 2 days ago•4 views

CVE-2026-55599

5.8CVSS5.9AI score0.00128EPSS

Exploits0

ATTACKERKB•added 2 days ago•3 views

CVE-2026-55599

5.8CVSS5.9AI score0.00128EPSS

Exploits0References2Affected Software1

OPENSUSE Linux•added 2026/06/05 12:0 a.m.•5 views

Security update for cacti (moderate)

openSUSE Security Update: Security update for cacti Announcement ID: openSUSE-SU-2026:0189-1 Rating: moderate References: Cross-References: CVE-2024-27355 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update for cacti...

SUSE CVE•added 2026/06/03 2:36 a.m.•8 views

Exploits0

SUSE CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

7.5CVSS7AI score0.00564EPSS

Tenable Nessus•added 2026/05/13 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-44167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8...

7.5CVSS5.5AI score0.00201EPSS

Exploits0References3

RedhatCVE•added 2026/05/12 7:27 p.m.•6 views

CVE-2026-44167

A flaw was found in phpseclib, a PHP secure communications library. This vulnerability allows a remote attacker to trigger a denial of service by providing specially crafted, untrusted ASN.1 Abstract Syntax Notation One files, such as X.509 certificates or RSA private/public keys. This issue is a...

NVD•added 2026/05/12 6:17 p.m.•30 views

CVE-2026-44167

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. This is a bypass of CVE-2024-27355. This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52...

7.5CVSS0.00201EPSS

OSV•added 2026/05/12 6:17 p.m.•3 views

DEBIAN-CVE-2026-44167

Cvelist•added 2026/05/12 5:22 p.m.•41 views

CVE-2026-44167 phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

7.5CVSS0.00201EPSS

CVE•added 2026/05/12 5:22 p.m.•39 views

CVE-2026-44167

phpseclib contains a mitigation bypass for CVE-2024-27355 in the OID handling path (ASN1::decodeOID). Prior to versions 1.0.29, 2.0.54, and 3.0.52, loading untrusted ASN.1 data (e.g., X.509 certificates, RSA keys) could trigger a denial-of-service. The vulnerability is fixed in 1.0.29, 2.0.54, an...

Debian CVE•added 2026/05/12 5:22 p.m.•11 views

CVE-2026-44167

ATTACKERKB•added 2026/05/12 5:22 p.m.•5 views

Exploits0

CVE-2026-44167

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/12 5:22 p.m.•17 views

CVE-2026-44167 phpseclib: CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID()

CNNVD•added 2026/05/12 12:0 a.m.•6 views

phpseclib 资源管理错误漏洞

phpseclib is an open-source PHP security communication library developed by phpseclib. Versions prior to 1.0.29, 2.0.54, and 3.0.52 contained a resource management vulnerability. This vulnerability stemmed from an issue where bypassing CVE-2024-27355 was possible when loading untrusted ASN1 files...