CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/03/26 12:0 a.m.•4 views

syft 安全漏洞

Syft is an open-source CLI tool and Go library developed by Anchore, used to generate Software Bill of Materials SBOMs from container images and file systems. Versions of Syft prior to 1.42.3 contain security vulnerabilities. These vulnerabilities stem from improper cleanup of temporary storage...

5.3CVSS6.4AI score0.00017EPSS

EUVD•added 2026/03/13 9:31 p.m.•0 views

EUVD-2026-11707

8.5CVSS6AI score0.00038EPSS

Exploits0References4

NVD•added 2026/03/13 7:54 p.m.•1 views

CVE-2026-25076

8.5CVSS0.00038EPSS

CNNVD•added 2026/03/13 12:0 a.m.•2 views

Anchore Enterprise SQL注入漏洞

Anchore Enterprise is a container image security analysis and compliance management platform developed by Anchore Company in the United States. Versions of Anchore Enterprise prior to 5.25.1 contained a SQL injection vulnerability. This vulnerability stemmed from the GraphQL Reports API’s SQL...

8.5CVSS5.9AI score0.00038EPSS

ATTACKERKB•added 2026/03/12 9:7 p.m.•1 views

CVE-2026-25076

8.5CVSS6AI score0.00038EPSS

Exploits0References4

CVE•added 2026/03/12 9:7 p.m.•5 views

CVE-2026-25076

Technical details about CVE-2026-25076 are not publicly provided in the supplied documents; monitor for updates.

8.5CVSS6.1AI score0.00038EPSS

Cvelist•added 2026/03/12 9:7 p.m.•29 views

CVE-2026-25076 Anchore Enterprise GraphQL Reports API SQL injection

8.5CVSS0.00038EPSS

Vulnrichment•added 2026/03/12 9:7 p.m.•2 views

CVE-2026-25076 Anchore Enterprise GraphQL Reports API SQL injection

8.5CVSS6.1AI score0.00038EPSS

OSV•added 2026/03/12 8:57 p.m.•1 views

GO-2026-4671 Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill...

5.3CVSS5.8AI score0.0002EPSS

Positive Technologies•added 2026/03/12 12:0 a.m.•1 views

PT-2026-25077

8.5CVSS6AI score0.00038EPSS

Exploits0References6

RedhatCVE•added 2026/01/07 9:31 a.m.•10 views

CVE-2019-16542

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.00047EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-3443

Malware in sbrugna...

9.9CVSS8.9AI score0.01061EPSS

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-4354

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00047EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-5544

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00259EPSS

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2022-25047

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00276EPSS

RedhatCVE•added 2025/05/22 11:28 p.m.•3 views

CVE-2022-41225

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control API responses by Anchore engine...

5.4CVSS4.9AI score0.20595EPSS

RedhatCVE•added 2025/05/22 6:57 a.m.•6 views

CVE-2018-1999033

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's...

6.5CVSS6.2AI score0.00259EPSS

RedhatCVE•added 2025/02/05 2:11 p.m.•7 views

CVE-2020-11075

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...

9.9CVSS7AI score0.01061EPSS