CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

150 matches found

OSV•added 2026/06/03 2:18 p.m.•3 views

SUSE-SU-2026:2254-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter was updated from version 1.5.0 to 1.10.2: - Security Fixes: - Version...

7.5CVSS5.8AI score0.69905EPSS

Exploits3References14

OSV•added 2026/05/26 3:5 p.m.•3 views

ROOT-APP-GOBINARY-CVE-2025-22870 CVE-2025-22870 in rootio-golang.org/x/net - Patched by Root

Root has patched CVE-2025-22870 in the rootio-golang.org/x/net package for Root:Go. Multiple fixed versions available...

4.4CVSS6.7AI score0.00032EPSS

Exploits2

IBM Security Bulletins•added 2026/03/04 10:31 a.m.•13 views

Security Bulletin: IBM Event Streams is vulnerable to proxy bypass

Summary IBM Event Streams is vulnerable to proxy bypass due to improper handling of IPv6 zoneID CVE-2025-22870 Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPRO...

4.4CVSS6AI score0.00032EPSS

Exploits2Affected Software1

OSV•added 2026/02/20 2:27 p.m.•2 views

SUSE-SU-2026:0592-1 Security update for vexctl

This update for vexctl fixes the following issues: - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 - CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in...

9.1CVSS8.6AI score0.3863EPSS

Exploits5References19

Tenable Nessus•added 2026/02/12 12:0 a.m.•3 views

SUSE SLES15 / openSUSE 15 Security Update : apptainer (SUSE-SU-2026:0439-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0439-1 advisory. Security fixes: - CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host bsc1257432 -...

8.7CVSS8.3AI score0.00591EPSS

Exploits3References30

IBM Security Bulletins•added 2026/01/23 1:26 p.m.•6 views

Security Bulletin: Vulnerability in golang.org/x/net affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerability in golang.org/x/net affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the...

4.4CVSS5.8AI score0.00032EPSS

Exploits2Affected Software1

Circl•added 2026/01/13 10:18 p.m.•3 views

CVE-2026-22870

creationtimestamp| type| source ---|---|--- 2026-01-13 22:18:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcdljqce3h2x 2026-01-24 21:25:24+00:00| seen| https://gist.github.com/alon710/1704fe210c52be7ed4098a296bff9e33 2026-01-24 22:40:51+00:00| seen|...

7.5CVSS5.7AI score0.00038EPSS

Exploits1References3

NVD•added 2026/01/13 9:15 p.m.•4 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

7.5CVSS0.00038EPSS

Exploits1References2

OpenVAS•added 2025/11/17 12:0 a.m.•2 views

Fedora: Security Advisory (FEDORA-2025-80ed98504b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.00044EPSS

Exploits2References10

IBM Security Bulletins•added 2025/10/31 6:27 p.m.•4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy [CVE-2025-22870]

Summary IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy, due to matching of hosts against proxy patterns which can improperly treat an IPv6 zone ID as a hostname component CVE-2025-22870. Golang is used in our speech utilities. This...

4.4CVSS6.5AI score0.00032EPSS

Exploits2Affected Software1

Tenable Nessus•added 2025/10/29 12:0 a.m.•2 views

Fedora 41 : git-lfs (2025-5872b9ec46)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5872b9ec46 advisory. Update to latest version 2404637 Fix CVE-2025-22870, CVE-2025-47910, CVE-2025-47906, CVE-2025-26625 Tenable has extracted the preceding description...

8.6CVSS7.3AI score0.0007EPSS

Exploits3References5

OpenVAS•added 2025/10/28 12:0 a.m.•1 views

Fedora: Security Advisory (FEDORA-2025-3d0ada20e1)

8.7CVSS6.8AI score0.00591EPSS

Exploits2References10

OpenVAS•added 2025/10/28 12:0 a.m.•1 views

Fedora: Security Advisory (FEDORA-2025-ae934d102c)

8.1CVSS6.8AI score0.00135EPSS

Exploits2References10

OpenVAS•added 2025/10/28 12:0 a.m.•3 views

Fedora: Security Advisory (FEDORA-2025-59acaa6bd9)