Lucene search
K

897 matches found

OSV
OSV
added 6 days ago3 views

ALPINE-CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS6.1AI score0.00137EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 3:26 p.m.5 views

GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor

Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/26 9:25 a.m.3 views

OPENSUSE-SU-2026:21072-1 Security update for trivy

This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption bsc1267268. - CVE-2026-46680:...

9.9CVSS5.8AI score0.00412EPSS
Exploits1References14
OSV
OSV
added 2026/06/25 9:33 p.m.3 views

GHSA-47Q9-M4WW-924M Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic

Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing maxapkmetadatasize check default 1MB is only applied to individual tar entry...

7.5CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/25 3:16 p.m.11 views

CVE-2026-49319

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

6.9CVSS0.0024EPSS
Exploits0References2
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

ALPINE-CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5CVSS5.8AI score0.00098EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

ALPINE-CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

ALPINE-CVE-2026-56403

libexpat before 2.8.2 has an integer overflow in storeAtts...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 9:45 a.m.4 views

ROOT-OS-ALPINE-324-CVE-2026-7383 CVE-2026-7383 in rootio-openssl - Patched by Root

Root has patched CVE-2026-7383 in the rootio-openssl package for Root:Alpine:3.24. Multiple fixed versions available...

8.1CVSS5.2AI score0.00358EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/05 6:34 p.m.85 views

Dirty-cow-exploit

System Documentation Architecture - Frontend: React 19...

7.2CVSS6AI score0.83524EPSS
Exploits82
OSV
OSV
added 2026/06/05 9:53 a.m.7 views

ROOT-OS-ALPINE-323-CVE-2026-49975 CVE-2026-49975 in rootio-apache2 - Patched by Root

Root has patched CVE-2026-49975 in the rootio-apache2 package for Root:Alpine:3.23. Multiple fixed versions available...

7.5CVSS5.4AI score0.11471EPSS
Exploits8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: irqchip/alpine-msi: The refcount leak in alpinemsixinitdomains has been fixed. The function ofirqfindparent returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Add...

5.5CVSS6.1AI score0.00146EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.10 views

CVE-2026-42575

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and...

7.5CVSS5.9AI score0.00159EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 1:1 p.m.7 views

ALPINE-CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS5.4AI score0.00329EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/09 7:24 p.m.39 views

CVE-2026-42574 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...

7.5CVSS0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.11 views

apko 路径遍历漏洞

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.2.5 of Apko, there was a path traversal vulnerability. This vulnerability occurred because specially crafted APK packages could install entries that pointed to directories other than the build root directory. This...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/22 5:55 p.m.10 views

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and...

5.9AI score
Exploits0
OSV
OSV
added 2026/04/01 7:16 p.m.8 views

ALPINE-CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

7.7CVSS5.9AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 6:16 p.m.9 views

ALPINE-CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

6.5CVSS5.8AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/03/29 6:58 p.m.4 views

ROOT-OS-ALPINE-319-CVE-2023-5568 CVE-2023-5568 in rootio-samba - Patched by Root

Root has patched CVE-2023-5568 in the rootio-samba package for Root:Alpine:3.19. Multiple fixed versions available...

6.5CVSS8.2AI score0.01573EPSS
Exploits0
Rows per page
Query Builder