6 matches found

Amazon
added 2026/04/13 12:0 a.m., 5 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

CVSS 9.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0
OSV
added 2026/03/27 7:56 p.m., 6 views

GHSA-M959-CC7F-WV43: cryptography has incomplete DNS name constraint enforcement on peer names

Summary: In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf...

CVSS 6.3 | AI score 6.8 | EPSS 0.0001
Exploits: 0 | References: 4
RustSec
added 2026/03/02 12:0 p.m., 1 views

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP_CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS servic...

CVSS 8.2 | AI score 7.5 | EPSS 0.00041
Exploits: 0 | Affected Software: 1
Snyk
added 2026/02/18 10:36 p.m., 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the GenerateShared function in ecies.go. An attacker can extract bits of the p2p node key during an RLPx handshake by sending a series of malicious ephemeral public keys and inferring the validity of bits based o...

CVSS 7.5 | AI score 5.6 | EPSS 0.00028
Exploits: 0 | References: 2
Snyk
added 2026/02/10 9:27 p.m., 3 views

Insufficient Verification of Data Authenticity

Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in public key functions public_key_from_numbers, EllipticCurvePublicNumbers.public_key, load_der_public_key, and load_pem_public_key, which may reveal bits from a private key when provided with a...

CVSS 8.2 | AI score 5.6 | EPSS 0.00009
Exploits: 0 | References: 2
Snyk
added 2025/02/11 6:6 p.m., 1 views

Missing Report of Error Condition

Overview: Affected versions of this package are vulnerable to Missing Report of Error Condition causing server authentication failures to not be detected by clients, due to handshakes not aborting as expected when the SSL_VERIFY_PEER verification mode is set. An attacker could impersonate a legitima...

CVSS 8.8 | AI score 7 | EPSS 0.00804
Exploits: 0 | References: 2