Lucene search
K

67 matches found

GithubExploit
GithubExploit
added 2026/06/12 2:33 p.m.100 views

sbom-risk-analyzer

SBOM-Risk-Analyzer Exploitability-weighted vulnerability pri...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.29 views

S3C2 Summit 2025-07: Government Secure Supply Chain Summit

Software supply chains, while providing immense economic and software development value, are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks specifically targeting vulnerable links in critical software supply chains. The...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/05/12 7:48 a.m.15 views

GHSA-389R-GV7P-R3RP vulnerabilities

Vulnerabilities for packages: grype, melange, wolfictl, argo-cd, trufflehog, terragrunt, nfpm, kots, witness, k9s, gomplate, argocd-image-updater, gitsign, argo-events, gitlab-runner, gitea, act, pulumi-language-dotnet, goreleaser, steampipe, kubescape, argo-workflows, osv-scanner, apko,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/05/09 7:48 p.m.18 views

GHSA-PMWQ-PJRM-6P5R vulnerabilities

Vulnerabilities for packages: ratify, slsa-verifier, falcoctl, policy-controller, rekor, gitsign, gitlab-runner, kyverno-notation-aws, docker-cli-buildx, goreleaser, kubescape, skaffold, dagger, trivy, ko, tkn, neuvector-sigstore-interface, guac, spire-server, tflint, docker-compose, docker,...

6.1AI score
Exploits0
Fedora
Fedora
added 2026/04/13 1:11 a.m.6 views

[SECURITY] Fedora 43 Update: trivy-0.69.3-1.fc43

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more...

7.8CVSS6.9AI score0.00626EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.3 views

Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials SBOM-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/03/31 7:48 a.m.11 views

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: grype, melange, wolfictl, argo-cd, trufflehog, nfpm, kots, witness, k9s, gomplate, argocd-image-updater, gitsign, argo-events, gitlab-runner, gitea, pulumi-language-dotnet, steampipe, kubescape, argo-workflows, osv-scanner, apko, grafana-alloy, dagger, skaffold, triv...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/30 12:45 p.m.114 views

sboms

No d...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/30 12:45 p.m.113 views

spdx-sboms

No d...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 8:3 p.m.3 views

CVE-2026-33481

A flaw was found in Syft, a tool for generating Software Bill of Materials SBOM. When Syft scans large or highly compressed archives, it unpacks them into temporary storage. If this process exhausts the temporary storage, Syft fails to properly clean up these files. This can lead to the temporary...

5.3CVSS5.7AI score0.00408EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/02 10:34 a.m.239 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

SBOM CVE Scanner - Enhanced Edition A comprehensive Python to...

10CVSS7.3AI score0.99999EPSS
Exploits351
OSV
OSV
added 2026/02/04 7:32 p.m.7 views

CVE-2026-25145 melange has a path traversal in license-path which allows reading files outside workspace

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/04 7:32 p.m.4 views

CVE-2026-25145 melange has a path traversal in license-path which allows reading files outside workspace

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.9 views

Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects

Open-source software OSS dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...

5.6AI score
Exploits0
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

Altium Enterprise Server security vulnerabilities

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. Version 7.0.3 of Altium Enterprise Server contains a security vulnerability. This vulnerability stems from a stored-xss attack in the Description field of the BOM Viewer, which...

6.8CVSS6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.8 views

CVE-2024-39909

KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...

6.5CVSS8.1AI score0.00443EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/12/01 9:2 p.m.6 views

cyclonedx-core-java: CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

An XML External Entity XXE injection vulnerability was found in the CycloneDX Java core library’s XML validation step where the XML Validator was not configured securely. When a specially crafted CycloneDX BOM XML is validated, external XML entities can be processed XXE, allowing an attacker to...

7.5CVSS5.7AI score0.00359EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2025/11/25 12:0 a.m.3 views

A Reality Check on SBOM-Based Vulnerability Management: An Empirical Study and a Path Forward

The Software Bill of Materials SBOM is a critical tool for securing the software supply chain SSC, but its practical utility is undermined by inaccuracies in both its generation and its application in vulnerability scanning. This paper presents a large-scale empirical study on 2,414 open-source...

7AI score
Exploits0
EUVD
EUVD
added 2025/11/10 10:8 p.m.7 views

EUVD-2025-50813

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

7.5CVSS6.6AI score0.00589EPSS
Exploits0References6
Wolfi
Wolfi
added 2025/11/02 2:17 p.m.6 views

GHSA-7WWX-XJ66-R44X vulnerabilities

Vulnerabilities for packages: cloud-provider-gcp-cloud-controller-manager, kube-metrics-adapter, docker-credential-ecr-login, rancher-telemetry, http-echo, sealed-secrets, cloud-provider-vsphere, cluster-proportional-autoscaler, direnv, aws-signer-notation-plugin, terraform-provider-time,...

6.1AI score
Exploits0
Rows per page
Query Builder