CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

Packet Storm News•added 2026/05/06 12:0 a.m.•7 views

Evolution of Log-Based Detection Rules in Public Repositories

Log-based detection rules remain central to modern security operations, encoding domain expertise that analysts iteratively refine to balance detection coverage against alert volume. Yet while prior work has examined the evolution of network intrusion detection signatures, the longitudinal behavi...

5.8AI score

Exploits0

Github Security Blog•added 2026/04/22 5:34 p.m.•11 views

DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...

6.1CVSS5.7AI score0.00017EPSS

Exploits1References5Affected Software1

SUSE CVE•added 2026/04/10 11:25 p.m.•3 views

SUSE CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

6.5CVSS5.8AI score0.00042EPSS

Exploits0References3

OSV•added 2026/04/09 8:37 a.m.•3 views

BIT-COSIGN-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails

5.3CVSS5.8AI score0.00042EPSS

Exploits0References2

RedhatCVE•added 2026/04/08 9:0 a.m.•2 views

CVE-2026-39395

A flaw was found in Cosign, a tool for code signing and transparency for containers and binaries. A remote attacker could exploit this vulnerability by providing malformed payloads or attestations with mismatched predicate types. This could lead to Cosign erroneously reporting a "Verified OK"...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References4

Github Security Blog•added 2026/04/08 12:15 a.m.•4 views

Cosign's verify-blob-attestation reports false positive when payload parsing fails

Description cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For...

5.3CVSS5.9AI score0.00042EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/08 12:15 a.m.•2 views

EUVD-2026-19919

Cosign's verify-blob-attestation reports false positive when payload parsing fails...

4.3CVSS5.9AI score0.00042EPSS

Exploits0References2

OSV•added 2026/04/08 12:15 a.m.•1 views

GHSA-W6C6-C85G-MMV6 Cosign's verify-blob-attestation reports false positive when payload parsing fails

4.3CVSS5.8AI score0.00042EPSS

Exploits0References3

OSV•added 2026/04/07 8:16 p.m.•3 views

DEBIAN-CVE-2026-39395

5.3CVSS5.4AI score0.00042EPSS

Exploits0References1

NVD•added 2026/04/07 8:16 p.m.•2 views

CVE-2026-39395

5.3CVSS0.00042EPSS

Exploits0References1

UbuntuCve•added 2026/04/07 8:16 p.m.•2 views

CVE-2026-39395

5.3CVSS6AI score0.00042EPSS

Exploits0References2

OSV•added 2026/04/07 8:16 p.m.•2 views

UBUNTU-CVE-2026-39395

5.3CVSS5.8AI score0.00042EPSS

Exploits0References3

ATTACKERKB•added 2026/04/07 8:6 p.m.•4 views

CVE-2026-39395

4.3CVSS6AI score0.00042EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/07 8:6 p.m.•13 views

CVE-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails

4.3CVSS0.00042EPSS

Exploits0References1

Debian CVE•added 2026/04/07 8:6 p.m.•3 views

CVE-2026-39395

5.3CVSS5.4AI score0.00042EPSS

Exploits0

AlpineLinux•added 2026/04/07 8:6 p.m.•6 views

CVE-2026-39395

5.3CVSS5.5AI score0.00042EPSS

Exploits0

Vulnrichment•added 2026/04/07 8:6 p.m.•2 views

CVE-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails

4.3CVSS6AI score0.00042EPSS

Exploits0References1

CVE•added 2026/04/07 8:6 p.m.•26 views

CVE-2026-39395

CVE-2026-39395 affects Cosign prior to 3.0.6 and 2.6.3, where verify-blob-attestation could erroneously report a Verified OK result for attestations with malformed payloads or mismatched predicate types. The root causes differ by bundle format: old-format bundles had a logic flaw in error handlin...

5.3CVSS6AI score0.00042EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/07 12:0 a.m.•4 views

cosign 代码问题漏洞

Cosign is a container signature, verification, and storage mechanism in the OCI registry of Sigstore, a open-source project in the United States. Versions of Cosign prior to 3.0.6 and 2.6.3 contained code vulnerabilities. These vulnerabilities stemmed from logical flaws related to incorrectly...

5.3CVSS5.9AI score0.00042EPSS

Exploits0References1

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-31010

Name of the Vulnerable Software and Affected Versions Cosign versions prior to 3.0.6 and prior to 2.6.3 Description Cosign, a tool for code signing and transparency for containers and binaries, had a flaw in verify-blob-attestation where it could incorrectly report a successful verification...

5.3CVSS6AI score0.00042EPSS

Exploits0References14

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by