CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/31 3:15 a.m.•4 views

CVE-2026-34054

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.13...

7.8CVSS0.00055EPSS

Vulnrichment•added 2026/03/31 1:56 a.m.•2 views

CVE-2026-34054 openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

ATTACKERKB•added 2026/03/31 1:56 a.m.•1 views

CVE-2026-34054

Cvelist•added 2026/03/31 1:56 a.m.•18 views

Exploits0References4

CVE-2026-34054 openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

7.8CVSS0.00055EPSS

CVE•added 2026/03/31 1:56 a.m.•57 views

CVE-2026-34054

The CVE-2026-34054 issue affects vcpkg’s Windows OpenSSL builds, where openssldir was set from the build machine. This exposed a path on customer machines that could be attackable. The vulnerability is addressed in vcpkg 3.6.1#3. Affected component: OpenSSL builds within vcpkg’s Windows workflow;...

EUVD•added 2026/03/31 1:56 a.m.•0 views

EUVD-2026-17285

CNNVD•added 2026/03/31 12:0 a.m.•2 views

vcpkg 代码问题漏洞

vcpkg is an open-source C/C++ cross-platform package management tool developed by Microsoft. Versions of vcpkg prior to vcpkg 3.6.1 contained code vulnerabilities. These vulnerabilities stemmed from the Windows version of OpenSSL, where the path to openssldir was set to the path on the build...

7.8CVSS7.2AI score0.00055EPSS

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29186

Name of the Vulnerable Software and Affected Versions vcpkg versions prior to 3.6.13 Description vcpkg, a C/C++ package manager, exhibited a configuration issue in its Windows builds of OpenSSL. Specifically, the openssldir setting was configured to a path on the build machine. This configuration...

Kaspersky•added 2022/11/02 12:0 a.m.•65 views

Exploits0References9

KLA20037 Multiple vulnerabilities in Microsoft Open Source Software

Multiple vulnerabilities were found in Microsoft Open Source Software. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in X.509 certificate verification can be...

7.5CVSS9.1AI score0.83506EPSS

Exploits6References5

OSV•added 2022/06/20 8:21 p.m.•8 views

MAL-2022-6900 Malicious code in vcpkg-cmake-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8ecf4f4a2a5acb298dbaab7c776bc3d8828d32d341cf921e890baa970f010e5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

OSSF Malicious Packages•added 2022/06/20 8:21 p.m.•2 views

Malicious code in vcpkg-cmake-config (npm)

6.9AI score

OSSF Malicious Packages•added 2022/06/20 8:21 p.m.•2 views

Malicious code in vcpkg-cmake (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80593ffd7d75714d0af2374df6c55cdee9641b04d9d96f9d909d1417f6384604 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

OSV•added 2022/06/20 8:21 p.m.•8 views

MAL-2022-6899 Malicious code in vcpkg-cmake (npm)

7AI score