CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in opensc

The TCOS smart card software driver in OpenSC before version 0.21.0-rc1 has a stack-based buffer overflow in the tcosdecipher function...

5.5CVSS6.8AI score0.00051EPSS

NVD•added 2026/04/23 1:16 p.m.•1 views

CVE-2025-13763

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

5.7CVSS0.00026EPSS

Cvelist•added 2026/04/23 12:27 p.m.•25 views

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

5.7CVSS0.00026EPSS

EUVD•added 2026/04/23 12:27 p.m.•1 views

EUVD-2025-209564

5.7CVSS5.7AI score0.00026EPSS

Vulnrichment•added 2026/04/23 12:27 p.m.•0 views

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

5.7CVSS5.7AI score0.00026EPSS

OSV•added 2026/04/20 10:8 a.m.•0 views

SUSE-SU-2026:1477-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. - CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds he...

6.8CVSS6.1AI score0.00032EPSS

Exploits2References9

Tenable Nessus•added 2026/03/31 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-66215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or...

6.8CVSS5.3AI score0.00023EPSS

RedhatCVE•added 2026/03/30 8:48 p.m.•1 views

CVE-2025-66215

A flaw was found in OpenSC, an open-source smart card tool and middleware. An attacker with physical access to the computer can exploit this vulnerability when a user or administrator uses a smart card token. By presenting a specially crafted USB device or smart card, the attacker can trigger a...

6.8CVSS5.8AI score0.00023EPSS

Exploits0References7

NVD•added 2026/03/30 6:16 p.m.•1 views

CVE-2025-66215

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...

6.8CVSS0.00023EPSS

NVD•added 2026/03/30 6:16 p.m.•3 views

CVE-2025-49010

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

6.8CVSS0.00021EPSS

OSV•added 2026/03/30 6:16 p.m.•2 views

DEBIAN-CVE-2025-49010

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

6.8CVSS5.1AI score0.00021EPSS

UbuntuCve•added 2026/03/30 6:16 p.m.•0 views

CVE-2025-66215

6.8CVSS5.7AI score0.00023EPSS

UbuntuCve•added 2026/03/30 6:16 p.m.•0 views

CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

6.8CVSS5.9AI score0.00011EPSS

Exploits1References1

OSV•added 2026/03/30 6:16 p.m.•0 views

UBUNTU-CVE-2025-66215

6.8CVSS5.7AI score0.00023EPSS

OSV•added 2026/03/30 6:16 p.m.•1 views

UBUNTU-CVE-2025-49010

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

6.8CVSS5.7AI score0.00021EPSS

Cvelist•added 2026/03/30 5:6 p.m.•16 views

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur

3.8CVSS0.00023EPSS

Cvelist•added 2026/03/30 4:59 p.m.•20 views

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

3.8CVSS0.00021EPSS

CVE•added 2026/03/30 4:59 p.m.•9 views

CVE-2025-49010

OpenSC is affected prior to 0.27.0 by a stack-buffer-overflow in GET RESPONSE triggered by a crafted USB device or smart card presenting specially crafted APDU responses. The issue requires physical access and user interaction, with a low impact per the CVSS vector. A fix is available in OpenSC 0...

6.8CVSS5.8AI score0.00021EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/30 4:59 p.m.•3 views

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

3.8CVSS5.8AI score0.00021EPSS