Lucene search
+L

5 matches found

susecve
susecve
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-28407

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References3
osv
osv
added 2026/02/28 2:50 a.m.5 views

GHSA-945P-3JHM-6RCP malcontent: Nested archive extraction failure can drop content from scan inputs

Previously, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Fix:...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/02/27 9:28 p.m.3 views

CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References3
cve
cve
added 2026/02/27 9:28 p.m.39 views

CVE-2026-28407

CVE-2026-28407 affects malcontent (software for supply‑chain analysis). Prior to version 1.21.0, it could drop or discard nested archives that failed to extract, potentially omitting content from scans. The root cause is the removal of nested archives during processing. Version 1.21.0 fixes the i...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/02/27 9:28 p.m.6 views

CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References5
Rows per page
Query Builder