Lucene search
K

33 matches found

Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.19 views

Poking around in the Dark: Why a Shared Understanding of Components Matters

By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.2 views

Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials SBOM-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/30 12:45 p.m.112 views

spdx-sboms

No d...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/17 12:43 p.m.136 views

aicerberus

AICerberus 🐺 AI supply chain security scanner — one comma...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.9 views

Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects

Open-source software OSS dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.8 views

CVE-2024-39909

KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...

6.5CVSS8.1AI score0.00443EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/12/19 12:0 a.m.21 views

A Practical Solution to Systematically Monitor Inconsistencies in SBOM-Based Vulnerability Scanners

Software Bill of Materials SBOM provides new opportunities for automated vulnerability identification in software products. While the industry is adopting SBOM-based Vulnerability Scanning SVS to identify vulnerabilities, we increasingly observe inconsistencies and unexpected behavior, that resul...

6.6AI score
Exploits0
GithubExploit
GithubExploit
added 2025/10/11 8:36 p.m.230 views

SBOMVerifierGoPoC

🔍 SBOM Verifier for Go !Pythonhttps://img.shields.io/badg...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0732

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00791EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-25047

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00586EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2252

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00443EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2025/09/23 4:30 p.m.161 views

fleetdeck-poc

FleetDeck PoC !Go Versionhttps://img.shields.io/badge/go-...

7.1AI score
Exploits0
CISA
CISA
added 2025/09/03 12:0 p.m.7 views

CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance

CISA, in collaboration with NSA and 19 international partners, released joint guidance outliningA Shared Vision of Software Bill of Materials SBOM for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide. An SBOM is a form...

6.7AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.14 views

CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)

CISA is requesting public comment on its updated guidance on Software Bill of Materials SBOM to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.4 views

NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.Js

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research community and practitioners have proposed a range of static and...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.4 views

melange 安全漏洞

melange is a Chainguard open source for building APKs from source code. A security vulnerability exists in melange versions prior to 0.23.0 through 0.29.5, which stems from improperly set permissions on the SBOM file, which could lead to a tampering attack...

4.4CVSS6.3AI score0.00125EPSS
Exploits0References8
CISA
CISA
added 2024/10/15 12:0 p.m.20 views

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials SBOM Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...

6.9AI score
Exploits0References2
Cvelist
Cvelist
added 2024/07/12 2:34 p.m.54 views

CVE-2024-39909 SQL Injection in the KubeClarity REST API

KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...

6.5CVSS0.00443EPSS
Exploits0References3
CISA
CISA
added 2024/01/26 12:0 p.m.6 views

Guidance: Assembling a Group of Products for SBOM

Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials SBOM Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...

7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2023/05/25 5:45 a.m.4 views

GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains

Google on Wednesday announced the 0.1 Beta version of GUAC short for Graph for Understanding Artifact Composition for organizations to secure their software supply chains. To that end, the search giant is making available the open source framework as an API for developers to integrate their own...

6.5AI score
Exploits0
Rows per page
Query Builder