6 matches found
CVE-2026-48501
GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes the authorization header in API requests to TUF repository mirrors via the gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...
starknet-staking_audit1
Markdown https://dev.to/rdin777/starknet-btc-staking-how-to-ext...
EVE Doesn't Measure Config Partition From 2 Fronts
Impact: PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk...
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves
Summary: A vulnerability was identified in the evervault-go SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is...
SUSE-SU-2022:4204-1 Security update for keylime
This update for keylime fixes the following issues: - CVE-2022-3500: Fixed vulnerability where a node appears attested when in reality it is not properly attested bsc1204782...
The vulnerability of the OpenAttestation agent, related to errors in the implementation of the host attestation process, allows an attacker to disclose protected information.
The vulnerability of the OpenAttestation technology is related to errors in the host attestation process. Exploiting this vulnerability can allow attackers to disclose protected information...