Lucene search
K
CvelistRecent

364119 matches found

Cvelist
Cvelist
added 2026/06/24 5:33 a.m.36 views

CVE-2026-12416 Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravelinvoicechangepassword function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...

9.8CVSS0.00364EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.36 views

CVE-2026-12417 SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover

The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, and including, 1.0.0. This is due to the pravelchangepassword AJAX handler — registered via wpajaxnoprivpravelchangepassword and...

9.8CVSS0.00454EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.34 views

CVE-2026-9172 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST Endpoint

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...

5.3CVSS0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.51 views

CVE-2026-9643 WP Meta SEO <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting via REQUEST_URI in 404 Logging

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUESTURI server variable in all versions up to, and including, 4.5.18. When the plugin's wpmsTemplateRedirect hook detects a 404, it concatenates $SERVER'HTTPHOST' with the raw...

7.2CVSS0.00241EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-6292 MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS0.00176EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-9616 Generate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX Action

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.0024EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-8617 SearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX Actions

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.38 views

CVE-2026-8705 ClearSale Total <= 3.4.2 - Unauthenticated SQL Injection

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS0.00505EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-9184 24liveblog <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification via update_lb24_token AJAX action

The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and localized to any...

4.3CVSS0.00215EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-12095 Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter

The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.0029EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-10552 Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS0.00146EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.30 views

CVE-2026-8628 EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-7617 Secufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX Action

The SecuforOAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress...

5.3CVSS0.00295EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.30 views

CVE-2026-8614 Assistio <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion via assistio_plugin_delete_assistio_settings AJAX Action

The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistioplugindeleteassistiosettings function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers,...

4.3CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.35 views

CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00307EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-4297 Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the ncsetOption function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the us...

8.8CVSS0.00463EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-9724 MotorDesk <= 1.1.2 - Cross-Site Request Forgery to Settings Update

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordeskadminhome function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00145EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.36 views

CVE-2026-12094 Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-10092 Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments

The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up to, and including, 1.163 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS0.00297EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.30 views

CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS0.00376EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.32 views

CVE-2026-11370 WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...

6.4CVSS0.00242EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-10091 Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting

The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

7.2CVSS0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-9721 Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS0.00103EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-9175 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'id' Parameter

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...

5.3CVSS0.00348EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-8905 Osiris Signature Banner <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'prepend_text' Parameter

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS0.00135EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-12100 URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be use...

7.2CVSS0.00281EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:37 a.m.34 views

CVE-2026-9539 libslirp TCP URG OOB Read Information Leak

An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...

6.5CVSS0.00106EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.32 views

CVE-2026-12851 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.01684EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.33 views

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.0172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.35 views

CVE-2026-12849 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.01684EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.33 views

CVE-2026-12486 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.0172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.34 views

CVE-2026-12848 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.33 views

CVE-2026-12847 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.34 views

CVE-2026-12846 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.32 views

CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00436EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.31 views

CVE-2026-12488 GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 2:29 a.m.32 views

CVE-2026-11614 Xpro Addons <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via 'custom_attributes' Parameter of Multiple Widgets

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00256EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/06/24 2:29 a.m.36 views

CVE-2026-3652 ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 12:49 a.m.31 views

CVE-2026-12681

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 12:17 a.m.32 views

CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS0.00132EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.28 views

CVE-2025-60473

A NULL pointer dereference in the gffilterinparentchain function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

0.00141EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.26 views

CVE-2025-60466

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

0.00121EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.32 views

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.17 views

CVE-2025-60468

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service local. The component is: filtercore/filterpid.c L:574-580: function gffilterpidinstswapdeletetask improperly accesses freed objects...

0.0013EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.16 views

CVE-2025-60474

A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

0.00579EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.16 views

CVE-2025-60467

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

0.0051EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.28 views

CVE-2025-60471

A use-after-free in the gffilterpidreconfiguretaskdiscard function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

0.00136EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/23 11:54 p.m.30 views

CVE-2026-7574 Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

8.7CVSS0.00103EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 11:50 p.m.29 views

CVE-2026-5818 MCU Firmware Update Authentication Bypass on Caliptra Core

Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...

7.2CVSS0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 11:49 p.m.33 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
Total number of security vulnerabilities364119