openssl
298 tracked vulnerabilities.
CVE-2026-9076
HIGH
Out-of-Bounds Read in CMS Password-Based Decryption
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-7383
HIGH
Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Jun 09, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45447
HIGH
Heap Use-After-Free in the PKCS7_verify() Function
Jun 09, 2026
CVSS 8.8
EPSS 0.03
CVE-2026-45446
MEDIUM
Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
Jun 09, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-45445
HIGH
OpenSSL - AES-OCB IV Ignored on EVP_Cipher() Path
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42771
MEDIUM
Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
Jun 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-42770
LOW
OpenSSL - FFC-DH Peer Validation Uses Attacker-Supplied Q
Jun 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-42769
MEDIUM
Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
Jun 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42768
LOW
Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Jun 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-42767
MEDIUM
OpenSSL - NULL Pointer Dereference in CRMF EncryptedValue Decryption
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-42766
MEDIUM
OpenSSL - Possible NULL Dereference in Password-Based CMS Decryption
Jun 09, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-42765
HIGH
OpenSSL - NULL Dereference in Certificate Verification with OCSP Checking
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42764
HIGH
NULL Pointer Dereference in QUIC Server Initial Packet Handling
Jun 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-35188
MEDIUM
OpenSSL - Double-Free When Checking OCSP Stapled Response
Jun 09, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34183
HIGH
Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Jun 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34182
CRITICAL
CMS AuthEnvelopedData Processing May Accept Forged Messages
Jun 09, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34181
HIGH
PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Jun 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-34180
HIGH
Heap Buffer Over-read in ASN.1 Content Parsing
Jun 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-31790
HIGH
Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-31789
CRITICAL
Heap Buffer Overflow in Hexadecimal Conversion
Apr 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28390
HIGH
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28389
HIGH
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28388
HIGH
NULL Pointer Dereference When Processing a Delta CRL
Apr 07, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28387
HIGH
Potential Use-after-free in DANE Client Code
Apr 07, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-28386
HIGH
OpenSSL 3.6.0-3.6.1 - Denial of Service via AES-CFB128 Partial Block Processing
Apr 07, 2026
CVSS 7.5
EPSS 0.00
Products
Quick Filters