60 matches found

OSV
added 2026/05/17 9:24 p.m. | 2 views

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues:
- CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366.
- CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

CVSS 9.8 | AI score 6.6 | EPSS 0.00075
Exploits: 1 | References: 18
OSV
added 2026/04/27 6:33 p.m. | 4 views

JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrect...

CVSS 5.9 | AI score 6.6 | EPSS 0.00348
Exploits: 3 | References: 39
SUSE CVE
added 2026/04/20 11:26 p.m. | 2 views

SUSE CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | AI score 5.7 | EPSS 0.00009
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/16 2:8 p.m. | 0 views

CVE-2026-39984

A flaw was found in timestamp-authority, specifically in the timestamp-authority/v2/pkg/verification package. An attacker can exploit this issue by prepending a forged certificate to the certificate bag while the message is signed with an authorized key. This causes the library to validate the...

CVSS 5.5 | AI score 5.7 | EPSS 0.00009
Exploits: 0 | References: 5
OSV
added 2026/04/15 4:17 a.m. | 1 views

DEBIAN-CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | AI score 5.4 | EPSS 0.00009
Exploits: 0 | References: 1
NVD
added 2026/04/15 4:17 a.m. | 1 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | EPSS 0.00009
Exploits: 0 | References: 2
OSV
added 2026/04/15 4:17 a.m. | 0 views

UBUNTU-CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | AI score 5.7 | EPSS 0.00009
Exploits: 0 | References: 3
UbuntuCve
added 2026/04/15 12:0 a.m. | 0 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2
CNNVD
added 2026/04/15 12:0 a.m. | 4 views

Sigstore Timestamp Authority security vulnerability

Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 1
Debian CVE
added 2026/04/14 11:41 p.m. | 1 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | AI score 5.4 | EPSS 0.00009
Exploits: 0
Snyk
added 2026/04/14 11:41 p.m. | 1 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...

CVSS 6.7 | AI score 5.3 | EPSS 0.00009
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/14 11:41 p.m. | 0 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/04/14 11:41 p.m. | 1 views

CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | AI score 5.6 | EPSS 0.00009
Exploits: 0 | References: 2
Cvelist
added 2026/04/14 11:41 p.m. | 29 views

CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

CVSS 5.5 | EPSS 0.00009
Exploits: 0 | References: 2
CVE
added 2026/04/14 11:41 p.m. | 14 views

CVE-2026-39984

CVE-2026-39984 – Sigstore Timestamp Authority (tsa/timestamp-authority/v2/pkg/verification): Versions 2.0.5 and earlier contain an authorization bypass in VerifyTimestampResponse. The code validates the certificate chain correctly but applies TSA-specific constraints using the first non-CA certi...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/04/14 1:1 a.m. | 1 views

Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier. An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...

CVSS 7.5 | AI score 5.7 | EPSS 0.0001
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/04/14 1:1 a.m. | 2 views

EUVD-2026-22813

Sigstore Timestamp Authority has Improper Certificate Validation in verifier...

CVSS 5.5 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2
OSV
added 2026/04/14 1:1 a.m. | 1 views

GHSA-XM5M-WGH2-RRG3 Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier. An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...

CVSS 5.5 | AI score 5.7 | EPSS 0.00009
Exploits: 0 | References: 4
Wolfi
added 2026/04/11 2:51 a.m. | 6 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: grafana-pyroscope, ipfs-cluster, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, q, k3s, whereabouts, azurefile-csi, incert, smokescreen, nri-f5, spark-operator, hey, mongodb-kubernetes-operator, envconsul,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00022
Exploits: 0
Snyk
added 2026/04/08 4:8 p.m. | 2 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation through the Verifier.verifyleafcerts logic in src/rfc3161client/verify.py. An attacker can make a timestamp response from a trusted TSA verify as if it came from a different pinned TSA by injecting...

CVSS 7.5 | AI score 5.9 | EPSS 0.0001
Exploits: 1 | References: 2