Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

29 matches found

RedhatCVE
RedhatCVEadded 2026/05/18 1:58 p.m.6 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/17 12:31 a.m.7 views

EUVD-2026-30673

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References3
OSV
OSVadded 2026/05/16 10:16 p.m.3 views

UBUNTU-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/16 10:16 p.m.5 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/16 9:26 p.m.5 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References3
CVE
CVEadded 2026/05/16 9:26 p.m.11 views

CVE-2026-46728

The CVE-2026-46728 entry concerns U-Boot (before 2026.04) where FIT (Flat Image Tree) signature verification can bypass trust because hashed-nodes are omitted from a hash. Affected software: U-Boot (pre-2026.04). Vulnerable component: FIT signature verification process. Root cause: omission of ha...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/16 9:26 p.m.23 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS0.00004EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/16 9:26 p.m.6 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2026/05/16 9:26 p.m.4 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00004EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/16 12:0 a.m.8 views

PT-2026-41468

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2026.04 Description Das U-Boot allows a Flat Image Tree FIT signature verification bypass. This occurs because hashed-nodes are omitted from a hash, which can lead to the acceptance of unsigned or modified images...

8.2CVSS5.8AI score0.00004EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/20 10:51 p.m.17 views

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS0.00003EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/02/21 12:0 a.m.3 views

Debian dla-4486 : nova-api - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4486 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/...

8.2CVSS5.6AI score0.00019EPSS
Exploits0References4
Debian
Debianadded 2026/02/19 8:53 p.m.4 views

[SECURITY] [DSA 6145-1] nova security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2026 https://www.debian.org/security/faq -...

8.2CVSS5.5AI score0.00019EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2026/02/19 12:0 a.m.3 views

Debian dsa-6145 : nova-api - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6145 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/...

8.2CVSS5.5AI score0.00019EPSS
Exploits0References5
OSV
OSVadded 2026/02/18 6:30 p.m.4 views

GHSA-M4F3-QP2W-GWH6 OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.9AI score0.00019EPSS
Exploits0References6
NVD
NVDadded 2026/02/18 6:24 p.m.4 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS0.00019EPSS
Exploits0References3
CVE
CVEadded 2026/02/18 12:0 a.m.20 views

CVE-2026-24708

CVE-2026-24708 affects OpenStack Nova (Flat image backend), where an attacker could cause unsafe image resize by writing a malicious QCOW header to a root or ephemeral disk, triggering qemu-img without a format restriction. Affected: Nova releases before 30.2.2, 31 before 31.2.1, and 32 before 32...

8.2CVSS5.5AI score0.00019EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/02/18 12:0 a.m.4 views

OpenStack Nova 安全漏洞

OpenStack Nova is a core computing service component of the OpenStack open-source framework. Versions of OpenStack Nova prior to 30.2.2, 31.2.1, and 32.1.1 have security vulnerabilities. These vulnerabilities stem from the Flat image backend’s failure to apply format restrictions when processing...

8.2CVSS5.8AI score0.00019EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/18 12:0 a.m.5 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.5AI score0.00019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/02/18 12:0 a.m.6 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.5AI score0.00019EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder