CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

106 matches found

Tenable Nessus•added 2026/06/14 12:0 a.m.•6 views

SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...

5.3CVSS5.4AI score0.00241EPSS

Exploits0References4

OSV•added 2026/06/11 7:58 a.m.•12 views

SUSE-SU-2026:2365-1 Security update for cosign

This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed payloads or mismatched predicate types bsc1261859. Changes for cosign: - update to 3.0.6: Fix DSSE predicate check GHSA-w6c6-c85g-mmv6 4801 Handle whitespace-only certificate...

5.3CVSS5.4AI score0.00241EPSS

Exploits0References3

Github Security Blog•added 2026/05/08 10:24 p.m.•6 views

in-toto-golang and in-toto-python have inconsistent negation behavior

Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...

5.8AI score

Exploits0References4Affected Software1

OSV•added 2026/05/08 10:24 p.m.•0 views

GHSA-PMWQ-PJRM-6P5R in-toto-golang and in-toto-python have inconsistent negation behavior

4.1CVSS5.8AI score

Exploits0References4

Snyk•added 2026/05/08 10:24 p.m.•4 views

Improper Handling of Inconsistent Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

1.9CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2026/04/23 12:0 a.m.•5 views

PT-2026-34674

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stun-user parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS

Exploits1References2

CVE•added 2026/04/23 12:0 a.m.•7 views

CVE-2026-31167

CVE-2026-31167 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue is arbitrary commands execution via the mode parameter to /cgi-bin/cstecgi.cgi. Reported CVSS 3.1 base score 6.5 (Network, low complexity, no privileges required, user interaction not required). The connected sourc...

6.5CVSS6.1AI score0.00279EPSS

Exploits1References1Affected Software1

CVE•added 2026/04/23 12:0 a.m.•8 views

CVE-2026-31177

The CVE-2026-31177 entry affects ToToLink A3300R firmware (example: v17.0.0cu.557_B20221024). The root cause is an input handling flaw in the stunMinAlive parameter passed to /cgi-bin/cstecgi.cgi, enabling an attacker to execute arbitrary commands. Impact is high (remote, unauthenticated network ...

9.8CVSS6.1AI score0.00599EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/04/23 12:0 a.m.•5 views

PT-2026-34676

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi...

9.8CVSS6.1AI score0.00578EPSS

Exploits1References2

EUVD•added 2026/03/11 12:24 a.m.•2 views

EUVD-2026-10932

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

7.5CVSS5.8AI score0.00217EPSS

Exploits0References1

EUVD•added 2026/03/11 12:24 a.m.•4 views

EUVD-2026-10933

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

7.5CVSS5.8AI score0.00217EPSS

Exploits0References1

OSV•added 2026/03/11 12:24 a.m.•3 views

GHSA-MHG6-2Q2V-9H2C sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS

Exploits0References4

Github Security Blog•added 2026/03/11 12:24 a.m.•8 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

7.5CVSS6AI score0.00217EPSS

Exploits0References4Affected Software1

Snyk•added 2026/03/11 12:24 a.m.•3 views

Unchecked Return Value

Overview Affected versions of this package are vulnerable to Unchecked Return Value due to improper handling of the return value from the verifyintoto function. An attacker can cause the verification process to incorrectly indicate success for DSSE bundles with mismatched in-toto subject digests ...

8.7CVSS5.8AI score0.00217EPSS

Exploits0References2

RubySec•added 2026/03/11 12:0 a.m.•11 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

7.5CVSS6AI score0.00217EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/10 10:16 p.m.•5 views

CVE-2026-31830

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

7.5CVSS0.00217EPSS

Exploits0References1