Vulnerabilities in OpenSSL
117 resultsCVE-2026-28390HIGHPossible NULL Dereference When Processing CMS KeyTransportRecipientInfoEPSS 0.8%CVE-2026-28389HIGHPossible NULL Dereference When Processing CMS KeyAgreeRecipientInfoEPSS 0.8%CVE-2025-69420HIGHMissing ASN1_TYPE validation in TS_RESP_verify_response() functionEPSS 0.8%CVE-2025-15468MEDIUMNULL dereference in SSL_CIPHER_find() function on unknown cipher IDEPSS 0.7%CVE-2026-42764HIGHNULL Pointer Dereference in QUIC Server Initial Packet HandlingEPSS 0.7%CVE-2019-1552—Windows builds with insecure path defaultsEPSS 0.7%CVE-2026-28387HIGHPotential Use-after-free in DANE Client CodeEPSS 0.6%CVE-2024-13176MEDIUMTiming side-channel in ECDSA signature computationEPSS 0.6%CVE-2026-42766MEDIUMPossible NULL Dereference in Password-Based CMS DecryptionEPSS 0.6%CVE-2023-2975MEDIUMAES-SIV implementation ignores empty associated data entriesEPSS 0.5%CVE-2025-11187MEDIUMImproper validation of PBMAC1 parameters in PKCS#12 MAC verificationEPSS 0.5%CVE-2026-34180HIGHHeap Buffer Over-read in ASN.1 Content ParsingEPSS 0.5%CVE-2026-34183HIGHUnbounded Memory Growth in the QUIC PATH_CHALLENGE HandlerEPSS 0.5%CVE-2026-22796MEDIUMASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() functionEPSS 0.5%CVE-2025-69419HIGHOut of bounds write in PKCS12_get_friendlyname() UTF-8 conversionEPSS 0.4%CVE-2026-2673MEDIUMOpenSSL TLS 1.3 server may choose unexpected key agreement groupEPSS 0.4%CVE-2026-42765HIGHNULL Dereference in Certificate Verification with OCSP CheckingEPSS 0.4%CVE-2025-66199MEDIUMTLS 1.3 CompressedCertificate excessive memory allocationEPSS 0.4%CVE-2026-7383HIGHPossible Heap Buffer Overflow in ASN.1 Multibyte String ConversionEPSS 0.4%CVE-2026-42768LOWMulti-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()EPSS 0.4%