7 matches found

SUSE CVE
added 2026/01/24 12:24 a.m. | 2 views

SUSE CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing a nil pointer dereference. Function validate returns nil success when message is...

CVSS 5.3 | AI score 5.4 | EPSS 0.00019
Exploits: 0 | References: 4

Wolfi
added 2026/01/23 1:48 p.m. | 4 views

CVE-2026-23992 vulnerabilities

Vulnerabilities for packages: falcoctl, rekor, flux-source-controller, buildkitd, spire-server, policy-controller, tkn, witness, neuvector-sigstore-interface, ko, vexctl, teleport, slsa-verifier, kubescape, goreleaser, aactl, crossplane, kyverno-notation-aws, sigstore-scaffolding, zarf, gitsign,...

CVSS 7.5 | AI score 5.4 | EPSS 0.00011
Exploits: 0

Wolfi
added 2026/01/23 1:48 p.m. | 2 views

GHSA-FPHV-W9FQ-2525 vulnerabilities

Vulnerabilities for packages: falcoctl, rekor, flux-source-controller, buildkitd, spire-server, policy-controller, tkn, witness, neuvector-sigstore-interface, ko, vexctl, teleport, slsa-verifier, kubescape, goreleaser, aactl, crossplane, kyverno-notation-aws, sigstore-scaffolding, zarf, gitsign,...

AI score 5.4
Exploits: 0

OSV
added 2026/01/22 10:16 p.m. | 2 views

UBUNTU-CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing a nil pointer dereference. Function validate returns nil success when message is...

CVSS 5.3 | AI score 7.2 | EPSS 0.00019
Exploits: 0 | References: 5

Debian CVE
added 2026/01/22 9:26 p.m. | 6 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing a nil pointer dereference. Function validate returns nil success when message is...

CVSS 5.3 | AI score 8.1 | EPSS 0.00019
Exploits: 0

Cvelist
added 2026/01/10 6:11 a.m. | 21 views

CVE-2026-22703 Cosign verification accepts any valid Rekor entry under certain conditions

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, a Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

CVSS 5.5 | EPSS 0.00006
Exploits: 1 | References: 3

SUSE CVE
added 2023/05/30 2:22 a.m. | 2 views

SUSE CVE-2023-33199

Rekor's goals are to provide an immutable, tamper-resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...

CVSS 5.3 | AI score 6.9 | EPSS 0.00148
Exploits: 0 | References: 4