CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4299 matches found

Positive Technologies•added 2026/05/16 12:0 a.m.•8 views

PT-2026-41468

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2026.04 Description Das U-Boot allows a Flat Image Tree FIT signature verification bypass. This occurs because hashed-nodes are omitted from a hash, which can lead to the acceptance of unsigned or modified images...

8.2CVSS5.8AI score0.00004EPSS

Exploits0References5

Snyk•added 2026/05/15 5:29 p.m.•5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify process. An attacker can cause trust confusion by submitting a commit object with duplicate tree headers, resulting in different interpretations between git-core and go-git,...

6CVSS5.8AI score0.00013EPSS

Exploits0References2

Snyk•added 2026/05/15 5:29 p.m.•5 views

Improper Verification of Cryptographic Signature

6CVSS5.8AI score0.00013EPSS

Exploits0References2

Snyk•added 2026/05/15 5:29 p.m.•5 views

Improper Verification of Cryptographic Signature

6CVSS5.8AI score0.00013EPSS

Exploits0References2

NVD•added 2026/05/15 5:16 p.m.•9 views

CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS0.00013EPSS

Exploits0References1

OSV•added 2026/05/15 5:16 p.m.•3 views

UBUNTU-CVE-2026-44309

5.3CVSS5.8AI score0.00013EPSS

Exploits0References3

UbuntuCve•added 2026/05/15 5:16 p.m.•5 views

CVE-2026-44309

5.3CVSS5.8AI score0.00013EPSS

Exploits0References2

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Gitsign 信任管理问题漏洞

Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign prior to 0.16.0 contained a trust management vulnerability. This vulnerability stemmed from the fact that gitsign verify and gitsign verify-tag re-encoded the...

5.3CVSS5.8AI score0.00013EPSS

Exploits0References1

OSV•added 2026/05/14 8:9 a.m.•4 views

SUSE-SU-2026:21789-1 Security update for tree-sitter

This update for tree-sitter fixes the following issues Security issues: - CVE-2026-34941: wasmtime: crafted input string can lead to an out-of-bound read bsc1261871. - CVE-2026-34942: wasmtime: unaligned pointers can lead to a denial of service bsc1261894. - CVE-2026-34943: wasmtime: lifting flag...

9.9CVSS5.8AI score0.00058EPSS

Exploits0References23

OSV•added 2026/05/14 8:7 a.m.•3 views

OPENSUSE-SU-2026:20749-1 Security update for tree-sitter

9.9CVSS5.8AI score0.00058EPSS

Exploits0References22

NVD•added 2026/05/13 10:16 p.m.•12 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS0.00006EPSS

Exploits1References1

OSV•added 2026/05/13 10:16 p.m.•5 views

DEBIAN-CVE-2026-44471

7.8CVSS5.8AI score0.00006EPSS

Exploits1References1

Debian CVE•added 2026/05/13 9:36 p.m.•4 views

CVE-2026-44471

7.8CVSS5.8AI score0.00006EPSS

Exploits1

ATTACKERKB•added 2026/05/13 9:36 p.m.•4 views

CVE-2026-44471

7.8CVSS5.8AI score0.00006EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2026/05/13 3:48 a.m.•5 views

SUSE CVE-2026-7814

Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...

4.8CVSS5.7AI score0.00023EPSS

Exploits1References3

Cvelist•added 2026/05/13 12:5 a.m.•31 views

CVE-2026-8199 Post-auth memory exhaustion via bitwise match expressions

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...

7.1CVSS0.00054EPSS

Exploits0References1

Tenable Nessus•added 2026/05/13 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed...

5.5CVSS5.7AI score0.00015EPSS

Exploits0References2

SUSE CVE•added 2026/05/12 3:34 a.m.•5 views

SUSE CVE-2025-71300

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References4

SUSE CVE•added 2026/05/12 3:33 a.m.•5 views

SUSE CVE-2026-7210

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

9.8CVSS5.8AI score0.00087EPSS

Exploits0References3

EUVD•added 2026/05/11 6:31 p.m.•8 views

EUVD-2026-29178

6.3CVSS5.8AI score0.00087EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by