Lucene search
K

250 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-56254

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.34 views

CVE-2026-50892

Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...

0.00171EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.14 views

openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX X9.42 peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/09 5:19 p.m.67 views

Exploit for CVE-2026-46395

CVE-2026-46395 - HAXcms Node.js Private Key Disclosure via Bro...

9.3CVSS5.6AI score0.00295EPSS
Exploits1
NVD
NVD
added 2026/06/05 7:16 p.m.17 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

9.3CVSS0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.13 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.4AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 6:27 p.m.32 views

CVE-2026-46395

HAX CMS Node.js backend (before 26.0.0) exposes a critical cryptographic flaw in the hmacBase64() function. It uses a hardcoded signing key of the string "0" and then appends the real key (this.privateKey + this.salt) to the output, producing tokens that reveal the private key when decoded. An un...

9.3CVSS5.9AI score0.00295EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.25 views

EUVD-2026-33817

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.8AI score0.00346EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.15 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:22 p.m.10 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.8AI score0.00346EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/01 9:22 p.m.10 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.8AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.24 views

PT-2026-45616

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions v76.12.0 through v78.12.0 CF Deployment versions v30.0.0 through v56.0.0 Description Private key exposure occurs when the server inadvertently reveals Elliptic Curve EC private keys through the public '/token keys'...

10CVSS5.8AI score0.00346EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Cloud Foundry UAA 安全漏洞

Cloud Foundry UAA is an identity verification and management service terminal designed for the CloudFoundry platform by the Cloud Foundry Foundation in the United States. There is a security vulnerability in Cloud Foundry UAA, which stems from the exposure of private keys. This vulnerability may...

10CVSS5.3AI score0.00346EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 6:40 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

8.7CVSS6.3AI score0.00344EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.22 views

Malicious code in wallet-security-checker (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References14
Snyk
Snyk
added 2026/05/19 3:38 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...

5.4CVSS6.3AI score0.00297EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 2:44 p.m.8 views

GHSA-6C8G-9HFH-PQ5H HAXcms: Private Key Disclosure via Broken HMAC Implementation

Summary The hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing key and forge arbitrary admin-level JSON Web Tokens JWTs allowing them to get full admin...

9.3CVSS6.1AI score0.00295EPSS
Exploits1References3
Cloud Foundry
Cloud Foundry
added 2026/05/14 12:0 a.m.8 views

CVE-2026-40965 - UAA EC Private Key Disclosure via token_keys JSON Response | Cloud Foundry

10.0 / Critical CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L 10.0 / Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contain...

10CVSS5.8AI score0.00346EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.164 views

📄 SAP HANA Cockpit / Database Explorer Private Key Disclosure

SAP HANA Cockpit and SAP HANA Database Explorer expose the private key of their X.509 certificate. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Private Key of X.509 Certificate product: SAP HANA...

5CVSS5.3AI score0.00304EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/04/25 11:39 p.m.18 views

Cillium exposes sensitive information included in the cilium-bugtool debug archive

Impact The output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. Users of WireGuard Transparent Encryption are affected. The sensitive data is the WireGuard private key ciliumwg0.key used for node-to-node encrypted...

7.9CVSS5.5AI score0.00077EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder