CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

145 matches found

EUVD-2026-39565

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

2.1CVSS5.8AI score

Exploits0References3

RedhatCVE•added yesterday•4 views

CVE-2026-57062

A flaw in GnuPG's gpgsm component improperly handles the Cryptographic Message Syntax CMS format for AES-GCM. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of...

2.9CVSS5.7AI score0.0011EPSS

Exploits0References5

AstraLinux•added last week•3 views

Astra Linux – Vulnerability in nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

9.1CVSS7.3AI score0.01541EPSS

Exploits0References1

SUSE CVE•added 2026/06/13 2:21 a.m.•8 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00237EPSS

Exploits0References8

RedHat Linux•added 2026/06/11 1:9 p.m.•7 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS

Exploits0References4

Packet Storm News•added 2026/06/10 12:0 a.m.•5 views

CLDAP Analyzer with ASN.1 BER Encoding and Basic TLV Response Parser

This Python script implements a CLDAP Connectionless LDAP analyzer that builds and sends LDAP CLDAP discovery requests and parses responses using ASN.1 BER encoding and a basic TLV parser. It constructs a structured LDAP search request including DnsDomain, User, and NtVer filters, sends it over U...

5.5AI score

Exploits0

Snyk•added 2026/06/09 6:33 p.m.•11 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value when processing cipher and tag-length fields of CMS AuthEnvelopedData containers. An attacker can bypass message integrity via replay attack. A non AEAD cipher is permitted in...

9.1CVSS5.3AI score0.00237EPSS

Exploits0References2

EUVD•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35478

5.4AI score0.00237EPSS

Exploits0References7

NVD•added 2026/06/09 5:17 p.m.•26 views

CVE-2026-34182

9.1CVSS0.00237EPSS

Exploits0References6

OSV•added 2026/06/09 5:17 p.m.•5 views

ALPINE-CVE-2026-34182

9.1CVSS5.4AI score0.00237EPSS

Exploits0References1

CVE•added 2026/06/09 4:3 p.m.•185 views

CVE-2026-34182

CVE-2026-34182 describes a vulnerability in CMS AuthEnvelopedData processing in OpenSSL where insufficient input validation on cipher and tag length can allow forged or manipulated messages. Attack scenarios include selecting non-AEAD ciphers (e.g., AES-256-OFB) that bypasses integrity checks and...

9.1CVSS5.5AI score0.00237EPSS

Exploits0References6Affected Software1

AlpineLinux•added 2026/06/09 4:3 p.m.•17 views

CVE-2026-34182

9.1CVSS5.4AI score0.00237EPSS

Exploits0

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-47831

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers. This allows attackers to achiev...

9.1CVSS5.5AI score0.00511EPSS

Exploits0References110

CNNVD•added 2026/06/09 12:0 a.m.•10 views

OpenSSL 加密问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

9.1CVSS5.8AI score0.00237EPSS

Exploits0References6

SUSE CVE•added 2026/05/30 2:7 a.m.•11 views

SUSE CVE-2026-41565

CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS routines copied the caller-supplied authentication tag into a fixed 144-byte stack buffer...

7.5CVSS6.1AI score0.00469EPSS

Exploits0References3

RedhatCVE•added 2026/05/28 5:20 p.m.•12 views

CVE-2026-41565

A flaw was found in perl-CryptX. A stack buffer overflow vulnerability exists in the AEAD Authenticated Encryption with Associated Data decryptverify helper routines. An attacker who can control the length of the authentication tag provided to these routines can cause a buffer overflow, potential...

9.8CVSS6.5AI score0.00469EPSS

Exploits0References6

NVD•added 2026/05/28 4:16 p.m.•16 views

CVE-2026-41565

7.5CVSS0.00469EPSS

Exploits0References4

OSV•added 2026/05/28 4:16 p.m.•8 views

UBUNTU-CVE-2026-41565

7.5CVSS6.1AI score0.00469EPSS

Exploits0References7

EUVD•added 2026/05/28 2:13 p.m.•10 views

EUVD-2026-32906