Lucene search

7 matches found

ATTACKERKB
added 2026/02/04 7:32 p.m., 3 views

CVE-2026-25145

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file, e.g., through pull request-driven CI or build-as-a-service scenarios, could read arbitrary files from the host system. The...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00168
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/02/04 7:32 p.m., 5 views

CVE-2026-25145 melange has a path traversal in license-path which allows reading files outside workspace

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file, e.g., through pull request-driven CI or build-as-a-service scenarios, could read arbitrary files from the host system. The...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00168
Exploits: 0, References: 4
Github Security Blog
added 2026/02/04 12:9 a.m., 10 views

melange has a path traversal in license-path which allows reading files outside workspace

An attacker who can influence a melange configuration file, e.g., through pull request-driven CI or build-as-a-service scenarios, could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00168
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2025/03/28 1:5 p.m., 4 views

MAL-2025-2972 Malicious code in license-txt (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2018/04/23 12:0 a.m., 32 views

openSUSE Security Update : cfitsio (openSUSE-2018-383)

This update for cfitsio fixes the following issues: Security issues fixed: - CVE-2018-1000166: Unsafe use of sprintf can allow a remote unauthenticated attacker to execute arbitrary code boo1088590 This update to version 3.430 also contains a number of upstream bug fixes. The following tracked...

AI score: 8.2
Exploits: 0, References: 3
OPENSUSE Linux
added 2018/04/21 12:6 a.m., 111 views

Security update for cfitsio (important)

This update for cfitsio fixes the following issues: Security issues fixed: - CVE-2018-1000166: Unsafe use of sprintf can allow a remote unauthenticated attacker to execute arbitrary code boo1088590 This update to version 3.430 also contains a number of upstream bug fixes. The following tracked...

AI score: 3.7
Exploits: 0, References: 2
Oracle linux
added 2012/06/27 12:0 a.m., 36 views

rsyslog security, bug fix, and enhancement update

5.8.10-2 - add patch to update information on debugging in the man page Resolves: 820311 - add patch to prevent debug output to stdout after forking Resolves: 820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: 822118 5.8.10-1 - rebase to rsyslog 5.8.1...

CVSS: 2.1, AI score: 6.2, EPSS: 0.0042
Exploits: 0