CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

825 matches found

Tenable Nessus•added 2025/11/11 12:0 a.m.•1 views

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2025-073 (ALASNITRO-ENCLAVES-2025-073)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-073 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitt...

7.5CVSS7.4AI score0.00046EPSS

Exploits0References22

Amazon•added 2025/11/10 12:0 a.m.•1 views

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.8AI score0.00046EPSS

Exploits0

Amazon•added 2025/11/10 12:0 a.m.•1 views

Important: amazon-ecr-credential-helper

7.5CVSS8.8AI score0.00046EPSS

Exploits0

Amazon•added 2025/11/10 12:0 a.m.•1 views

Important: amazon-ecr-credential-helper

7.5CVSS8.6AI score0.00046EPSS

Exploits0

RedhatCVE•added 2025/11/08 10:57 p.m.•0 views

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. Mitigation Mitigation for this issue is either not available or the...

7.5CVSS6.4AI score0.00013EPSS

Exploits0References8

OSV•added 2025/11/06 12:58 p.m.•3 views

BIT-GOLANG-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

7.5CVSS6.7AI score0.00013EPSS

Exploits0References6

Filippo.io•added 2025/11/01 6:10 p.m.•7 views

Claude Code Can Debug Low-level Cryptography

Over the past few days I wrote a new Go implementation of ML-DSA, a post-quantum signature algorithm specified by NIST last summer. I livecoded it all over four days, finishing it on Thursday evening. Except… Verify was always rejecting valid signatures. $ bin/go test crypto/internal/fips140/mlds...

7.2AI score

Exploits0

Microsoft CVE•added 2025/10/31 1:8 a.m.•1 views

Panic when validating certificates with DSA public keys in crypto/x509

...

7.5CVSS7AI score0.00013EPSS

Exploits0

NVD•added 2025/10/29 11:16 p.m.•2 views

CVE-2025-58188

7.5CVSS0.00013EPSS

Exploits0References5

OSV•added 2025/10/29 11:16 p.m.•1 views

UBUNTU-CVE-2025-58188

7.5CVSS7AI score0.00013EPSS

Exploits0References6

Vulnrichment•added 2025/10/29 10:10 p.m.•1 views

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

6.6AI score0.00013EPSS

Exploits0References4

Debian CVE•added 2025/10/29 10:10 p.m.•1 views

CVE-2025-58188

7.5CVSS8.3AI score0.00013EPSS

Exploits0

CNNVD•added 2025/10/29 12:0 a.m.•1 views

Google Go encoding 安全漏洞

Google Go encoding is a code library from Google, Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in Google Go encoding that stems from an interface conversion error when validating a certificate chain containing a DSA public key,...

7.5CVSS6.7AI score0.00013EPSS

Exploits0References5

OSV•added 2025/10/21 3:15 p.m.•0 views

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

6.1CVSS6.3AI score

Exploits0References3