13 matches found

CVE
added 2026/04/09 11:29 p.m. | 18 views

CVE-2026-5460

Vulnerability summary (CVE-2026-5460): A heap use-after-free exists in wolfSSL’s TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error path of TLSX_KeyShare_ProcessPqcHybridClient() (src/tls.c), TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object on error. The ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00275
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-4077

Malware in sbrugna...

CVSS 5.3 | AI score 5.3 | EPSS 0.01287
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-47107

Malicious code in bioql PyPI...

CVSS 10 | AI score 7.4 | EPSS 0.0056
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2023-59134

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 5.8 | EPSS 0.006
Exploits 0 | References 3
Debian CVE
added 2025/07/18 10:51 p.m. | 4 views

CVE-2025-7396

In wolfSSL release 5.8.2, blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available, with ARM assembly builds, Intel assembly builds, and the small Curve25519...

CVSS 5.6 | AI score 5.3 | EPSS 0.00175
Exploits 0
AlpineLinux
added 2025/05/28 6:29 a.m. | 9 views

CVE-2025-5025

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

CVSS 4.8 | AI score 7 | EPSS 0.00241
Exploits 2
UbuntuCve
added 2025/05/28 12:0 a.m. | 6 views

CVE-2025-5025

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

CVSS 4.8 | AI score 6.8 | EPSS 0.00241
Exploits 2 | References 2
RedhatCVE
added 2025/05/23 12:7 a.m. | 12 views

CVE-2022-25640

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate...

CVSS 7.5 | AI score 6.8 | EPSS 0.01331
Exploits 0 | References 1
Hacker One
added 2025/05/19 4:1 p.m. | 465 views

curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL

Summary: When using wolfSSL as the TLS backend, certificate pinning does not work when using HTTP/3. The code should invoke wssl_verify_pinned, but it has not been implemented. Affected version: curl -V WARNING: this libcurl is Debug-enabled, do not use in production curl 8.13.0 x86_64-pc-linux-gnu...

CVSS 4.8 | AI score 6.7 | EPSS 0.00241
Exploits 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 7 views

Azure Linux 3.0 Security Update: mariadb (CVE-2024-1543)

The version of mariadb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1543 advisory. - The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-...

CVSS 5.5 | AI score 5.5 | EPSS 0.00185
Exploits 0 | References 2
Tenable Nessus
added 2024/12/13 12:0 a.m. | 12 views

CBL Mariner 2.0 Security Update: mariadb (CVE-2024-1545)

The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1545 advisory. - Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL...

CVSS 8.8 | AI score 5.6 | EPSS 0.00548
Exploits 0 | References 2
OSV
added 2019/11/21 11:15 p.m. | 5 views

CVE-2014-2904

wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication...

CVSS 7.5 | AI score 6.8 | EPSS 0.00879
Exploits 0 | References 6
OSV
added 2016/12/13 4:59 p.m. | 4 views

CVE-2016-7438

The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

CVSS 5.5 | AI score 6.5
Exploits 0 | References 2