Lucene search

4299 matches found

OSSF Malicious Packages
added 2026/05/20 2:36 a.m., 7 views

Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

6 AI score
Exploits 0, References 1
OSV
added 2026/05/20 2:36 a.m., 4 views

MAL-2026-4652 Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

6 AI score
Exploits 0, References 1
Tenable Nessus
added 2026/05/20 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-71300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert arm64: zynqmp: Add an OP-TEE node to the device tree This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically...

5.5 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 2
OSV
added 2026/05/19 7:50 p.m., 5 views

GHSA-5QWM-7PVP-W988 OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

Summary: The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry (OpenMcdf/DirectoryTree.cs:35-46) walks directory entries by repeatedly calling directories.TryGetSibling(child, siblingType, validateColor). A crafted CFB file with cyclic Left/Right sibling links among directory entries -...

6.2 CVSS, 5.9 AI score
Exploits 0, References 2
Github Security Blog
added 2026/05/19 7:50 p.m., 6 views

OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

Summary: The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry (OpenMcdf/DirectoryTree.cs:35-46) walks directory entries by repeatedly calling directories.TryGetSibling(child, siblingType, validateColor). A crafted CFB file with cyclic Left/Right sibling links among directory entries -...

5.9 AI score
Exploits 0, References 2, Affected Software 1
OPENSUSE Linux
added 2026/05/19 12:0 a.m., 5 views

Security update for emacs (moderate)

openSUSE security update: security update for emacs ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20759-1 Rating: moderate References: bsc1262007 bsc1262611 Cross-References: CVE-2026-6861 CVSS scores: CVE-2026-6861 SUSE : 6.1...

6.8 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 2
OPENSUSE Linux
added 2026/05/19 12:0 a.m., 5 views

Security update for tree-sitter (important)

openSUSE security update: security update for tree-sitter ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20749-1 Rating: important References: bsc1259205 bsc1261839 bsc1261871 bsc1261894 bsc1261954 bsc1261963 bsc1261968 bsc1261974 bsc1262007...

9 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits 0, References 12
Packet Storm News
added 2026/05/19 12:0 a.m., 4 views

Detecting Data Exfiltration through I2P Anonymity Networks: A Two-Phase Machine Learning Approach

The Invisible Internet Project (I2P) provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious actors to steal sensitive information from corporate network...

5.8 AI score
Exploits 0
RedhatCVE
added 2026/05/18 1:58 p.m., 6 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 1
SUSE CVE
added 2026/05/18 1:21 p.m., 5 views

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore signing tool for Git commits using your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits 0, References 3
EUVD
added 2026/05/17 12:31 a.m., 8 views

EUVD-2026-30673

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 3
OSV
added 2026/05/16 10:16 p.m., 4 views

UBUNTU-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 4
UbuntuCve
added 2026/05/16 10:16 p.m., 5 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/05/16 9:26 p.m., 5 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 3
CVE
added 2026/05/16 9:26 p.m., 12 views

CVE-2026-46728

The CVE-2026-46728 entry concerns U-Boot (before 2026.04) where FIT (Flat Image Tree) signature verification can bypass trust because hashed-nodes are omitted from a hash. Affected software: U-Boot (pre-2026.04). Vulnerable component: FIT signature verification process. Root cause: omission of ha...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/05/16 9:26 p.m., 6 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0, References 2
Cvelist
added 2026/05/16 9:26 p.m., 25 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 0.00004 EPSS
Exploits 0, References 2
Debian CVE
added 2026/05/16 9:26 p.m., 4 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash...

8.2 CVSS, 5.8 AI score, 0.00004 EPSS
Exploits 0
OSV
added 2026/05/16 8:56 a.m., 2 views

OPENSUSE-SU-2026:20759-1 Security update for emacs

This update for emacs fixes the following issue: - CVE-2026-6861: memory corruption when processing specially crafted SVG CSS data (bsc1262611). - Build with tree-sitter-0.26.8 security update (bsc1262007)...

7.1 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 3
OSV
added 2026/05/16 8:54 a.m., 2 views

SUSE-SU-2026:21801-1 Security update for emacs

This update for emacs fixes the following issue: - CVE-2026-6861: memory corruption when processing specially crafted SVG CSS data (bsc1262611). - Build with tree-sitter-0.26.8 security update (bsc1262007)...

7.1 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 4