CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3547 matches found

Tenable Nessus•added 2026/01/16 12:0 a.m.•4 views

MiracleLinux 4 : samba4-4.2.10-7.AXS4 (AXSA:2016-577:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-577:04 advisory. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Security issues fixed with this release: CVE-2016-2119...

7.5CVSS7.6AI score0.03108EPSS

Exploits0References2

Positive Technologies•added 2026/01/16 12:0 a.m.•3 views

PT-2026-3243

Name of the Vulnerable Software and Affected Versions HCL MyXalytics version 6.7 Description The web application does not rotate the JWT signing secret, resulting in improper management of a static secret. This introduces a security risk. Recommendations Rotate the JWT signing secret in the web...

9.8CVSS5.2AI score0.00236EPSS

Exploits0References5

Tenable Nessus•added 2026/01/16 12:0 a.m.•4 views

MiracleLinux 7 : samba-4.6.2-11.el7 (AXSA:2017-2305:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2305:06 advisory. It was found that samba did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a...

7.4CVSS6.4AI score0.13228EPSS

Exploits0References4

OSV•added 2026/01/15 5:57 p.m.•0 views

SUSE-SU-2026:20089-1 Security update for alloy

This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption...

7.5CVSS6.3AI score0.00579EPSS

Exploits2References7

The Hacker News•added 2026/01/14 2:18 p.m.•9 views

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

6.6AI score

Exploits0

RedhatCVE•added 2026/01/13 10:52 p.m.•3 views

CVE-2026-22772

A flaw was found in Fulcio, a certificate authority for issuing code signing certificates. A remote attacker could exploit this by bypassing MetaIssuer URL validation due to unanchored regular expressions regex in the metaRegex function. This vulnerability could lead to Server-Side Request Forger...

5.8CVSS5.3AI score0.0022EPSS

Exploits1References5

RedhatCVE•added 2026/01/13 10:52 p.m.•2 views

CVE-2025-41078

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the...

8.7CVSS7AI score0.00205EPSS

Exploits0References1

OSV•added 2026/01/13 3:10 p.m.•3 views

GHSA-HCP2-X6J4-29J7 RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

6.4CVSS6.9AI score0.00173EPSS

Exploits0References6

Github Security Blog•added 2026/01/13 3:10 p.m.•20 views

RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

6.4CVSS7AI score0.00173EPSS

Exploits0References6Affected Software1

OSV•added 2026/01/13 2:58 p.m.•3 views

GHSA-WHQX-F9J3-CH6M Cosign verification accepts any valid Rekor entry under certain conditions

Impact A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's...

5.5CVSS6.9AI score0.00077EPSS

Exploits1References5

AstraLinux•added 2026/01/13 2:1 p.m.•2 views

Astra Linux – Vulnerability in libssh

A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...

3.6CVSS6.2AI score0.00173EPSS

Exploits0References3

OSV•added 2026/01/13 8:37 a.m.•4 views

BIT-COSIGN-2026-22703 Cosign verification accepts any valid Rekor entry under certain conditions

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS7AI score0.00077EPSS

Exploits1References4

Tenable Nessus•added 2026/01/13 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-22772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses...

5.8CVSS7AI score0.0022EPSS

Exploits1References4

OSV•added 2026/01/12 9:15 p.m.•1 views

DEBIAN-CVE-2026-22772

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.3CVSS7AI score0.0022EPSS

Exploits1References1