1170 matches found
EUVD-2026-34014
Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...
Important: Red Hat Security Advisory: OpenShift File Integrity Operator bug fix and enhancement update
An updated OpenShift File Integrity Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog. The OpenShift File Integrity Operator v1.4.0 is now available. See the documentation for bug fix information:...
Security Bulletin: Due to use of node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS).
Summary: node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services (CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896). Vulnerability Details: CVEID: CVE-2026-33891. DESCRIPTION: Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScrip...
CVE-2026-39824 affecting package azurelinux-image-tools for versions less than 1.4.0-1
CVE-2026-39824 affecting package azurelinux-image-tools for versions less than 1.4.0-1. An upgraded version of the package is available that resolves this issue...
[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities
Jason Schavel, Thu, 05/21/2026 - 16:00. Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components (openresty, openresty - nginx) were found to contain vulnerabilities, and...
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
Impact: A logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...
PT-2026-42602
Impact: A logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election...
CVE-2026-40092
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
CVE-2026-40094
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
CVE-2026-40094 nimiq-blockchain: network-libp2p untrusted peer can crash address book via empty peer contact addresses
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
EUVD-2026-31195
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
CVE-2026-40094
The CVE affects nimiq-blockchain (Rust). In versions up to 1.3.0, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book; a PeerContact can have an empty addresses list. PeerContactBook::known_peers then builds the address book usin...
CVE-2026-40092
Summary: In Nimiq’s Rust-based stack, versions ≤ 1.3.0 of the nimiq-blockchain component are vulnerable to a crafted Kademlia DHT record containing a TaggedSigned with a signature field not exactly 64 bytes. When a victim node processes the record, the Ed25519 signature is parsed via Ed25519Signa...
EUVD-2026-31197
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
Astra Linux - vulnerability in waitress
Waitress version 1.3.1 allows for the smuggling of requests by sending the Content-Length header twice. Waitress would fold the two Content-Length headers together, and since it cannot convert the now comma-separated values into integers, it internally sets the Content-Length to 0. If two...
PT-2026-42268
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
CVE-2026-42559
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...
CVE-2026-42559
The RMCP Streamable HTTP server transport in the rmcp crate failed to validate the Host header prior to version 1.4.0, enabling a DNS rebinding attack that could cause authenticated requests to reach a victim’s local MCP server. Impact could include enumeration, reading state, and triggering side...
CVE-2026-42559 RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport
RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...