CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/26 12:59 a.m.•6 views

MAL-2026-4721 Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

6AI score

Exploits0References1

Tenable Nessus•added 2026/05/25 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-46598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. CVE-2026-46598 Note that Nessus...

SUSE CVE•added 2026/05/23 1:27 a.m.•7 views

SUSE CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

7.5CVSS5.8AI score0.0005EPSS

Snyk•added 2026/05/22 5:29 a.m.•5 views

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation Upgrade...

8.7CVSS5.8AI score0.0005EPSS

Exploits0References2

Snyk•added 2026/05/22 5:29 a.m.•6 views

Incorrect Type Conversion or Cast

8.7CVSS5.8AI score0.0005EPSS

Exploits0References2

NVD•added 2026/05/22 4:16 a.m.•7 views

CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS0.0005EPSS

OSV•added 2026/05/22 4:16 a.m.•3 views

UBUNTU-CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

Cvelist•added 2026/05/22 2:31 a.m.•31 views

Exploits0References6

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

0.0005EPSS

CVE•added 2026/05/22 2:31 a.m.•7 views

CVE-2026-46598

CVE-2026-46598: Several connected sources confirm that for certain crafted inputs, a golang.org/x/crypto/ssh/agent workflow can cast malformed wire bytes into an ed25519.PrivateKey, causing a panic when the key is used. The description is consistent across NVD, Debian, CIRCL, and OSV entries, ind...

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/22 2:31 a.m.•5 views

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.8AI score0.0005EPSS

Debian CVE•added 2026/05/22 2:31 a.m.•5 views

CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

ATTACKERKB•added 2026/05/22 2:31 a.m.•4 views

Exploits0

CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.8AI score0.0005EPSS

OSV•added 2026/05/22 2:8 a.m.•4 views

GO-2026-5033 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

UbuntuCve•added 2026/05/22 12:0 a.m.•8 views

CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

Tenable Nessus•added 2026/05/22 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1070e Security Update: ed25519-java (UTSA-2026-016772)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016772 advisory. The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential...

4.3CVSS5.8AI score0.00028EPSS

CNNVD•added 2026/05/22 12:0 a.m.•4 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from creating ed25519.PrivateKey by forced conversion of format-errorsed bytes in the...

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42718

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Certain crafted inputs allow the creation of an ed25519.PrivateKey by casting malformed wire bytes, which results in a panic when the key is used. A panic is an...

OSV•added 2026/05/21 7:45 p.m.•5 views

Exploits0References31

GHSA-H9CC-W26M-J342 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3CVSS5.9AI score