CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

324 matches found

NVD•added 2026/01/22 10:16 p.m.•10 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3CVSS0.00384EPSS

Exploits0References3

UbuntuCve•added 2026/01/22 10:16 p.m.•3 views

CVE-2026-23831

5.3CVSS5.8AI score0.00384EPSS

Exploits0References4

OSV•added 2026/01/22 10:16 p.m.•3 views

UBUNTU-CVE-2026-23831

5.3CVSS7.2AI score0.00384EPSS

Exploits0References5

AlpineLinux•added 2026/01/22 9:26 p.m.•2 views

CVE-2026-23831

5.3CVSS5.5AI score0.00384EPSS

Exploits0References3

ATTACKERKB•added 2026/01/22 9:26 p.m.•4 views

CVE-2026-23831

5.3CVSS5.3AI score0.00384EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/01/22 9:26 p.m.•16 views

CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

5.3CVSS0.00384EPSS

Exploits0References3

OSV•added 2026/01/22 9:26 p.m.•3 views

CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

5.3CVSS5.5AI score0.00384EPSS

Exploits0References5

OSV•added 2026/01/22 6:41 p.m.•4 views

GHSA-273P-M2CW-6833 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message

Summary Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...

5.3CVSS5.6AI score0.00384EPSS

Exploits0References5

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-4280

Name of the Vulnerable Software and Affected Versions Rekor versions 1.4.3 and below Description Rekor’s entry implementation can experience a panic when processing attacker-controlled input during the canonicalization of a proposed entry with an empty spec.message. The validate function...

9.8CVSS5.4AI score0.00598EPSS

Exploits1References265

Tenable Nessus•added 2026/01/19 12:0 a.m.•5 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2021-2220:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2220:01 advisory. golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference CVE-2020-29652 podman: Remote traffic to rootless containers ...

7.5CVSS8.5AI score0.03228EPSS

Exploits1References3

RedHat Linux•added 2026/01/14 4:8 a.m.•7 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

7.5CVSS7.2AI score0.00579EPSS

Exploits1References8

RedHat Linux•added 2026/01/12 5:35 p.m.•12 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

7.5CVSS7.2AI score0.00579EPSS

Exploits1References8

RedHat Linux•added 2026/01/12 3:51 a.m.•2 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

7.5CVSS7.2AI score0.00579EPSS

Exploits1References8

SUSE CVE•added 2026/01/06 12:24 a.m.•2 views

SUSE CVE-2025-68274

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

8.7CVSS7.2AI score0.00487EPSS

Exploits1References2

OSV•added 2025/12/22 6:15 p.m.•4 views

GO-2025-4244 SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference in github.com/emiago/sipgo

SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference in github.com/emiago/sipgo...

8.7CVSS6.5AI score0.00487EPSS

Exploits1References2

RedhatCVE•added 2025/12/19 12:41 a.m.•6 views

CVE-2025-65564

A denial-of-service vulnerability exists in the omec-upf upf-epc-pfcpiface in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer...

7.5CVSS6.8AI score0.0036EPSS

Exploits1References1

RedhatCVE•added 2025/12/19 12:41 a.m.•4 views

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

7.5CVSS6.8AI score0.00347EPSS

Exploits1References1

NVD•added 2025/12/18 8:16 p.m.•3 views

CVE-2025-65566

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead ...

7.5CVSS0.00285EPSS

Exploits1References1

OSV•added 2025/12/18 8:16 p.m.•3 views

CVE-2025-65566

7.5CVSS5.8AI score0.00285EPSS

Exploits1References1

NVD•added 2025/12/18 7:16 p.m.•3 views

CVE-2025-65565

7.5CVSS0.00347EPSS

Exploits1References1

Rows per page