Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CVE
CVEadded 2 hours ago7 views

CVE-2026-41207

The CVE concerns the netty-incubator-codec-ohttp project. Before version 0.0.21.Final, HKDF_expand could return a non-NULL failure result and fill the output byte[] with zeros, making HKDF key material indistinguishable from a legitimate output. This zeroed material feeds directly into OHttpCrypt...

6.9CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.6 views

PT-2026-43441

Name of the Vulnerable Software and Affected Versions netty incubator codec.bhttp versions prior to 0.0.21.Final Description The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...

6.9CVSS5.8AI score
Exploits0References5
RedHat Linux
RedHat Linuxadded 2024/10/02 6:24 p.m.5 views

golang-fips: Golang FIPS zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS5.8AI score0.0007EPSS
Exploits0References5
OSV
OSVadded 2024/10/01 7:15 p.m.2 views

CVE-2024-9355

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS7.2AI score0.0007EPSS
Exploits0References14
OSV
OSVadded 2022/11/21 10:15 a.m.0 views

UBUNTU-CVE-2022-45146

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...

5.5CVSS7.1AI score0.00148EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2018/03/07 10:33 a.m.0 views

OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...

4.3CVSS7.3AI score0.0013EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2018/01/17 5:33 p.m.3 views

OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...

4.3CVSS7.3AI score0.0013EPSS
Exploits0References4
Rows per page
Query Builder