CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

68 matches found

Tenable Nessus•added 2026/03/06 12:0 a.m.•3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2026:0777-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0777-1 advisory. Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065:...

7.5CVSS6AI score0.00046EPSS

Exploits4References28

OSV•added 2026/02/02 9:5 p.m.•1 views

GO-2026-4349 Improper validattion of configured threshold for delegations in github.com/theupdateframework/go-tuf

Improper validattion of configured threshold for delegations in github.com/theupdateframework/go-tuf...

7.5CVSS5.9AI score0.00011EPSS

Exploits0References3

OSV•added 2026/02/02 9:5 p.m.•2 views

GO-2026-4348 Client DoS via malformed server response in github.com/theupdateframework/go-tuf

Client DoS via malformed server response in github.com/theupdateframework/go-tuf...

7.5CVSS5.9AI score0.00037EPSS

Exploits0References3

SUSE CVE•added 2026/01/28 12:24 a.m.•2 views

SUSE CVE-2026-24686

go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

4.7CVSS5.9AI score0.00009EPSS

Exploits1References5

NVD•added 2026/01/27 1:16 a.m.•3 views

CVE-2026-24686

4.7CVSS0.00009EPSS

Exploits1References2

OSV•added 2026/01/27 1:16 a.m.•1 views

DEBIAN-CVE-2026-24686

4.7CVSS8.4AI score0.00009EPSS

Exploits1References1

Debian CVE•added 2026/01/27 12:45 a.m.•4 views

CVE-2026-24686

4.7CVSS8.4AI score0.00009EPSS

Exploits1

Vulnrichment•added 2026/01/27 12:45 a.m.•2 views

CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

4.7CVSS5.9AI score0.00009EPSS

Exploits1References2

ATTACKERKB•added 2026/01/27 12:45 a.m.•3 views

CVE-2026-24686

4.7CVSS5.9AI score0.00009EPSS

Exploits1References3Affected Software1

EUVD•added 2026/01/27 12:45 a.m.•1 views

EUVD-2026-4837

4.7CVSS5.9AI score0.00009EPSS

Exploits1References2

CNNVD•added 2026/01/27 12:0 a.m.•5 views

Go-TUF path traversal vulnerability

go-tuf is a framework developed by The Update Framework for protecting software update systems. Versions of go-tuf prior to 2.4.1 contained a path traversal vulnerability. This vulnerability stemmed from the use of repository name strings as file system path components, allowing for path traversa...

4.7CVSS5.8AI score0.00009EPSS

Exploits1References3

UbuntuCve•added 2026/01/27 12:0 a.m.•1 views

CVE-2026-24686

4.7CVSS5.8AI score0.00009EPSS

Exploits1References4

Tenable Nessus•added 2026/01/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-24686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem pat...

4.7CVSS5.8AI score0.00009EPSS

Exploits1References3

OSV•added 2026/01/26 11:49 p.m.•2 views

GHSA-JQC5-W2XX-5VQ4 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

Security Vulnerability: Path Traversal in TAP 4 Multirepo Client Summary go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. If an application accepts a map file from an untrusted sourc...

4.7CVSS5.9AI score0.00009EPSS

Exploits1References4

Positive Technologies•added 2026/01/26 12:0 a.m.•4 views

PT-2026-4844

Name of the Vulnerable Software and Affected Versions go-tuf versions prior to 2.4.1 Description go-tuf is a Go implementation of The Update Framework TUF. The TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata...

10CVSS5.4AI score0.005EPSS

Exploits20References217

SUSE CVE•added 2026/01/23 12:24 a.m.•2 views

SUSE CVE-2026-23991

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...

5.3CVSS5.5AI score0.00037EPSS

Exploits0References7

SUSE CVE•added 2026/01/23 12:24 a.m.•2 views

SUSE CVE-2026-23992

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

5.3CVSS5.6AI score0.00011EPSS

Exploits0References7

Snyk•added 2026/01/22 3:45 a.m.•1 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the VerifyDelegate function. An attacker in control of a compromised TUF repository can bypass signature validation and modify metadata files by setting the signature threshold to 0...

8.2CVSS5.5AI score0.00011EPSS

Exploits0References2

Snyk•added 2026/01/22 3:45 a.m.•1 views

Improper Verification of Cryptographic Signature

8.2CVSS5.5AI score0.00011EPSS

Exploits0References2

NVD•added 2026/01/22 3:15 a.m.•3 views

CVE-2026-23992

7.5CVSS0.00011EPSS

Exploits0References2

Rows per page