| CVE-2026-48480 |
2026-06-04 |
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograph… |
| CVE-2026-41395 |
2026-04-28 |
OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attacker… |
| CVE-2026-29142 |
2026-04-02 |
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. |
| CVE-2026-4601 |
2026-03-23 |
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can reco… |
| CVE-2026-4258 |
2026-03-17 |
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a… |
| CVE-2025-47383 |
2026-03-02 |
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. |
| CVE-2025-69418 |
2026-01-27 |
Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block… |
| CVE-2026-22863 |
2026-01-15 |
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive … |
| CVE-2025-60704 |
2025-11-11 |
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-59339 |
2025-09-17 |
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a he… |
| CVE-2025-58359 |
2025-09-05 |
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of gro… |
| CVE-2025-49600 |
2025-07-04 |
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault … |
| CVE-2015-20112 |
2025-06-29 |
RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network. |
| CVE-2025-5323 |
2025-05-29 |
A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event… |
| CVE-2025-3938 |
2025-05-22 |
Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagar… |
| CVE-2025-30147 |
2025-05-07 |
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native v… |
| CVE-2024-55655 |
2024-12-10 |
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration t… |
| CVE-2022-20793 |
2024-11-15 |
A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimat… |
| CVE-2024-43547 |
2024-10-08 |
Windows Kerberos Information Disclosure Vulnerability |
| CVE-2023-39199 |
2023-11-14 |
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. |