CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

Exploit for Deserialization of Untrusted Data in Facebook React

react2shellburp CVE-2025-55182 Burp Suite extension for ide...

Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH

Summary The expected protocDigest is ignored when protoc is taken from the PATH. Details The documentation for the protocDigest parameter says: ... Users may wish to specify this if using a PATH-based binary ... However, when specifying PATH the protocDigest is not actually checked because the co...

sudo security, bug fix, and enhancement update

1.8.6p7-20 - RHEL 7.3 erratum - fixed visudo's -q flag Resolves: rhbz1350828 1.8.6p7-19 - RHEL 7.3 erratum - removed INPUTRC from envkeep to prevent a potential info leak Resolves: rhbz1340700 1.8.6p7-18 - RHEL 7.3 erratum - removed requiretty flag from the default sudoers policy - backported...