| CVE-2026-6458 |
2026-06-23 |
Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware… |
| CVE-2026-49440 |
2026-06-23 |
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin … |
| CVE-2026-9266 |
2026-06-12 |
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediat… |
| CVE-2026-45446 |
2026-06-09 |
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of s… |
| CVE-2026-45445 |
2026-06-09 |
Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact summ… |
| CVE-2026-42770 |
2026-06-09 |
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents… |
| CVE-2026-0420 |
2026-06-09 |
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks imp… |
| CVE-2026-48480 |
2026-06-04 |
The netty incubator codec.bhttp is a Java language binary HTTP parser. Prior to version 0.0.22.Final, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograph… |
| CVE-2026-42246 |
2026-05-09 |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttl… |
| CVE-2026-41395 |
2026-04-28 |
OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attacker… |
| CVE-2026-40542 |
2026-04-22 |
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users … |
| CVE-2026-29142 |
2026-04-02 |
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. |
| CVE-2026-4601 |
2026-03-23 |
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can reco… |
| CVE-2026-4258 |
2026-03-17 |
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a… |
| CVE-2026-28498 |
2026-03-16 |
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation … |
| CVE-2025-47383 |
2026-03-02 |
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. |
| CVE-2025-69418 |
2026-01-27 |
Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block… |
| CVE-2026-22863 |
2026-01-15 |
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive … |
| CVE-2025-60704 |
2025-11-11 |
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-59339 |
2025-09-17 |
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files may be handled by the provided osh-encrypt-rsync script that is a he…