Lucene search
+L

9 matches found

SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-28407

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/28 2:50 a.m.7 views

EUVD-2026-9078

malcontent: Nested archive extraction failure can drop content from scan inputs...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/28 2:50 a.m.8 views

malcontent: Nested archive extraction failure can drop content from scan inputs

Previously, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Fix:...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/27 9:28 p.m.39 views

CVE-2026-28407

CVE-2026-28407 affects malcontent (software for supply‑chain analysis). Prior to version 1.21.0, it could drop or discard nested archives that failed to extract, potentially omitting content from scans. The root cause is the removal of nested archives during processing. Version 1.21.0 fixes the i...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/27 9:28 p.m.24 views

CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/27 9:28 p.m.3 views

CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:28 p.m.6 views

CVE-2026-28407

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/27 9:28 p.m.6 views

CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.8 views

PT-2026-22408

Name of the Vulnerable Software and Affected Versions malcontent versions prior to 1.21.0 Description malcontent is software designed for identifying supply-chain compromises using context, differential analysis, and YARA. Before version 1.21.0, the software removed nested archives that failed to...

9.9CVSS5.9AI score0.22162EPSS
Exploits40References142
Rows per page
Query Builder