CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 3 days ago•2 views

Dstack-Capsule: Pod-Level Remote Attestation for Confidential Workloads on Kubernetes

The rise of LLM-as-a-Service and other confidential cloud workloads demands cryptographic proof that user data is processed in a trusted, untampered environment. Existing solutions, notably Confidential Containers CoCo, enforce a strict "one Pod per VM" model that attests only the Guest OS stack,...

5.8AI score

Exploits0

SUSE CVE•added 5 days ago•13 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.0005EPSS

NVD•added last week•16 views

CVE-2026-48501

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS0.0005EPSS

OSV•added last week•5 views

UBUNTU-CVE-2026-48501

OSV•added 2026/05/29 3:30 p.m.•6 views

GHSA-8XVP-7HJ6-MCJ9 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

7.4CVSS5.9AI score0.0005EPSS

Github Security Blog•added 2026/05/29 3:30 p.m.•12 views

GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

9.1CVSS5.9AI score0.0005EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/29 3:14 p.m.•8 views

EUVD-2026-33340

Vulnrichment•added 2026/05/29 3:14 p.m.•8 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

CVE•added 2026/05/29 3:14 p.m.•13 views

CVE-2026-48501

GitHub CLI (gh) prior to 2.93.0 contains a token leakage vulnerability: a shared HTTP client with an authentication layer attaches user tokens to outgoing requests without proper host detection. The host normalization collapses any *.github.com subdomain to github.com, causing requests to tuf-rep...

9.1CVSS5.8AI score0.0005EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/29 3:14 p.m.•5 views

CVE-2026-48501

Exploits0References2Affected Software1

Cvelist•added 2026/05/29 3:14 p.m.•29 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

7.4CVSS0.0005EPSS

CNNVD•added 2026/05/29 12:0 a.m.•7 views

GitHub CLI 安全漏洞

GitHub CLI is an open-source command-line interface for GitHub. Prior to version 2.93.0 of GitHub CLI, there was a security vulnerability. This vulnerability stemmed from incorrect authorization headers in API requests to the TUF repository via the gh attestation, gh release verify, and gh releas...

Packet Storm News•added 2026/05/13 12:0 a.m.•5 views

Insecure Despite Proven Updated: Extracting the Root VCEK Seed on EPYC Milan Via a Software-Only Attack

In the official whitepaper of Secure Encrypted Virtualization with Secure Nested Paging SEV-SNP, AMD explicitly emphasizes the capability to prevent Trusted Computing Base TCB rollback attacks. Cryptographically, this is realized by signing attestation reports with the Versioned Chip Endorsement...

6.2AI score

Exploits0

OSV•added 2026/05/11 2:42 p.m.•0 views

GHSA-Q8W6-W55C-CCV5 Keylime has a hardcoded attestation challenge nonce that allows replay attacks

CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks Impact The CertificationParameters.generatechallenge method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay...

6.3CVSS5.8AI score0.00016EPSS

Exploits0References5

Github Security Blog•added 2026/05/11 2:42 p.m.•6 views

Keylime has a hardcoded attestation challenge nonce that allows replay attacks

6.3CVSS5.8AI score0.00016EPSS

Exploits0References5Affected Software1

Snyk•added 2026/05/08 10:24 p.m.•3 views

Improper Handling of Inconsistent Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

1.9CVSS5.8AI score

Exploits0References2

SUSE CVE•added 2026/05/07 2:23 a.m.•2 views

SUSE CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.8AI score0.00016EPSS