CVE-2025-15638

Daily digests

The Perl module Net::Dropbear (before 0.14) ships a bundled copy of libtomcrypt v1.18.1 or older, which carries known crypto bugs from 2016 and 2018. An attacker could exploit weaknesses in the crypto library to undermine authentication or key exchange. The CVSS 10.0 score reflects worst-case impact, but real-world risk depends on whether your app exposes Dropbear's SSH interface directly.

• Daily Digest · Apr 21, 2026

  4 CVSS 10.0s today, Spinnaker RCE tops the list