
24 matches found

OpenVAS
added 2026/02/17 12:0 a.m. | 4 views

Ubuntu: Security Advisory (USN-8025-2)

The remote host is missing an update for the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 2

Ubuntu
added 2026/02/16 7:49 a.m. | 6 views

USN-8025-2: .NET vulnerability

USN 8025-1 fixed a vulnerability in .NET. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An...

CVSS 7.5 | AI score 5.6 | EPSS 0.00045
Exploits: 0

OSV
added 2026/02/16 7:49 a.m. | 3 views

USN-8025-2 dotnet8, dotnet10 vulnerability

USN 8025-1 fixed a vulnerability in .NET. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/13 12:0 a.m. | 4 views

Ubuntu 22.04 LTS / 25.10 : .NET vulnerability (USN-8025-1)

The remote Ubuntu 22.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8025-1 advisory. Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data...

CVSS 7.5 | AI score 7.2 | EPSS 0.00045
Exploits: 0 | References: 2

Ubuntu
added 2026/02/11 2:25 p.m. | 7 views

USN-8025-1: .NET vulnerability

Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...

CVSS 7.5 | AI score 5.6 | EPSS 0.00045
Exploits: 0

OSV
added 2026/02/11 2:25 p.m. | 1 views

USN-8025-1 dotnet8, dotnet9, dotnet10 vulnerability

Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2

Snyk
added 2026/02/10 9:32 p.m. | 3 views

Improper Handling of Missing Special Element

Overview: Affected versions of this package are vulnerable to Improper Handling of Missing Special Element in DecodeUnprotectedBucket in CoseMessage.cs. An attacker can gain unauthorized access or manipulate data by supplying a malicious payload that bypasses security mechanisms. Remediation...

CVSS 8.7 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 2

OSV
added 2026/02/10 9:32 p.m. | 4 views

GHSA-QVHC-9V3J-5RFW Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do...

CVSS 8.7 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/02/10 9:32 p.m. | 14 views

Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2026-21218 | .NET Security Feature Bypass Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do...

CVSS 7.5 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/02/10 12:0 a.m. | 3 views

PT-2026-7332

Name of the Vulnerable Software and Affected Versions: .NET versions 8.0.0 through 8.0.22; .NET versions 9.0.0 through 9.0.12; .NET versions 10.0.0 through 10.0.2. Description: The software contains a security feature bypass issue due to improper handling of missing special elements. An attacker could...

CVSS 8.7 | AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 22

NVD
added 2026/01/22 10:16 p.m. | 3 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

CVSS 5.3 | EPSS 0.00019
Exploits: 0 | References: 3

AlpineLinux
added 2026/01/22 9:26 p.m. | 2 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

CVSS 5.3 | AI score 5.5 | EPSS 0.00019
Exploits: 0 | References: 3

OSV
added 2026/01/22 9:26 p.m. | 3 views

CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

CVSS 5.3 | AI score 5.5 | EPSS 0.00019
Exploits: 0 | References: 5

Cvelist
added 2026/01/22 9:26 p.m. | 14 views

CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

CVSS 5.3 | EPSS 0.00019
Exploits: 0 | References: 3

OSV
added 2026/01/22 6:41 p.m. | 3 views

GHSA-273P-M2CW-6833 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message

Summary: Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...

CVSS 5.3 | AI score 5.6 | EPSS 0.00019
Exploits: 0 | References: 5

GitHub Security Blog
added 2026/01/22 6:41 p.m. | 7 views

Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message

Summary: Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...

CVSS 5.3 | AI score 5.5 | EPSS 0.00019
Exploits: 0 | References: 5 | Affected Software: 1

Packet Storm News
added 2025/10/12 12:0 a.m. | 2 views

Man-In-The-Middle Proof-Of-Concept Via Krontiris' Ephemeral Diffie-Hellman over COSE (EDHOC) in C

This report presents some technical details on the authentication process of a lightweight key exchange protocol, paying attention to how Man-in-the-Middle (MitM) attacks could undermine its security, e.g., under the scope of lawful interception and its risk to facilitate mass surveillance. We focu...

AI score 6.9
Exploits: 0

Packet Storm News
added 2025/05/22 12:0 a.m. | 2 views

Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE

Incorrect handling of security-critical data formats, particularly in low-level languages, is the root cause of many security vulnerabilities. Provably correct parsing and serialization tools that target languages like C can help. Towards this end, we present PulseParse, a library of verified...

AI score 7.4
Exploits: 0

RedHat Linux
added 2024/10/14 11:21 a.m. | 3 views

dotnet: Multiple .NET components susceptible to hash flooding

A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service...

CVSS 7.5 | AI score 5.7 | EPSS 0.00738
Exploits: 0 | References: 5

RedHat Linux
added 2024/10/14 2:33 a.m. | 4 views

dotnet: Multiple .NET components susceptible to hash flooding

A flaw was found in dotnet. The System.Security.Cryptography.Cose, System.IO.Packaging and System.Runtime.Caching components may be exposed to hostile input, making them susceptible to hash flooding attacks, resulting in denial of service...

CVSS 7.5 | AI score 5.7 | EPSS 0.00738
Exploits: 0 | References: 5