
51 matches found

RedHat Linux
added 2026/06/11 1:24 p.m. · 8 views

openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue...

5.9 CVSS · 5.4 AI score · 0.00349 EPSS
Exploits 0 · References 4
RedhatCVE
added 2026/06/10 1:34 p.m. · 7 views

CVE-2026-42767

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue...

5.9 CVSS · 5.4 AI score · 0.00349 EPSS
Exploits 0 · References 3
EUVD
added 2026/06/09 6:30 p.m. · 12 views

EUVD-2026-35484

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9 CVSS · 5.5 AI score · 0.00349 EPSS
Exploits 0 · References 7
OSV
added 2026/06/09 5:17 p.m. · 4 views

ALPINE-CVE-2026-42767

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9 CVSS · 5.5 AI score · 0.00349 EPSS
Exploits 0 · References 1
AlpineLinux
added 2026/06/09 4:3 p.m. · 8 views

CVE-2026-42767

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9 CVSS · 5.5 AI score · 0.00349 EPSS
Exploits 0
Cvelist
added 2026/06/09 4:3 p.m. · 33 views

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

0.00349 EPSS
Exploits 0 · References 6
CVE
added 2026/06/09 4:3 p.m. · 38 views

CVE-2026-42767

The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...

5.9 CVSS · 5.6 AI score · 0.00349 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2026/06/09 12:0 a.m. · 12 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions: OpenSSL affected versions not specified Description: A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

9.1 CVSS · 5.5 AI score · 0.02268 EPSS
Exploits 0 · References 79
Github Security Blog
added 2026/03/19 4:27 p.m. · 7 views

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Summary: An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks. Details: SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that were...

10 CVSS · 6.4 AI score · 0.00296 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/12/01 12:0 a.m. · 4 views

PUB-A-422442679

In ssDecodeLcsAssistDataReqMsgvoid of ssLcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8 CVSS · 7.3 AI score · 0.00104 EPSS
Exploits 1 · References 1
Cvelist
added 2025/11/10 12:0 a.m. · 7 views

CVE-2025-63288

In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service...

0.00277 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-5357

Malware in sbrugna...

7.5 CVSS · 7.6 AI score · 0.02311 EPSS
Exploits 1 · References 4
RedhatCVE
added 2025/02/06 3:13 a.m. · 6 views

CVE-2021-35074

Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

8.4 CVSS · 7.3 AI score · 0.00185 EPSS
Exploits 0 · References 1
OSV
added 2024/09/23 9:15 p.m. · 0 views

UBUNTU-CVE-2024-42861

An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...

7.5 CVSS · 5.8 AI score · 0.01494 EPSS
Exploits 0 · References 6
CNNVD
added 2023/08/10 12:0 a.m. · 3 views

Callback Widget Cross-Site Scripting Vulnerability

PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A cross-site scripting vulnerability exists in PHPJabbers Callback Widget version v1.0, which stems from cross-site scripting (XSS) in the value-text-osmsemailrequestmessage parameter of index.php...

6.1 CVSS · 6 AI score · 0.00388 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/08/10 12:0 a.m. · 5 views

PT-2023-25530 · Phpjabbers · Phpjabbers Callback Widget

Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0 Description: There is a Cross Site Scripting (XSS) issue in the value-text-o sms email request message parameters of index.php. This allows for potential malicious script execution. Recommendations: For...

6.1 CVSS · 6.1 AI score · 0.00388 EPSS
Exploits 0 · References 7
NVD
added 2023/06/06 8:15 a.m. · 23 views

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network...

7.5 CVSS · 7.6 AI score · 0.00399 EPSS
Exploits 0 · References 1
NVD
added 2023/06/06 8:15 a.m. · 22 views

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...

7.9 CVSS · 8.2 AI score · 0.00115 EPSS
Exploits 0 · References 1
Cvelist
added 2023/06/06 7:38 a.m. · 35 views

CVE-2022-33264 Stack-based buffer overflow in Modem

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...

7.9 CVSS · 8.4 AI score · 0.00115 EPSS
Exploits 0 · References 1
Brave Browser
added 2022/11/15 1:51 a.m. · 12 views

Brave Android 1.45.127 Security Fixes

Fixed misleading signing request message in Brave Wallet...

5.8 AI score
Exploits 0 · References 2 · Affected Software 1