CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 6 days ago•6 views

MAL-2026-5068 Malicious code in evmchain-cli (npm)

5.8AI score

OSV•added 6 days ago•5 views

UBUNTU-CVE-2026-48501

GitHub CLI gh is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

OSV•added 6 days ago•4 views

GHSA-8XVP-7HJ6-MCJ9 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

Summary GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. Affected users: - Authenticated github.com users who previously ran gh attestation commands, gh release verify, or...

7.4CVSS5.9AI score0.00038EPSS

Github Security Blog•added 6 days ago•11 views

GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands

9.1CVSS5.9AI score0.00038EPSS

Exploits0References3Affected Software1

Vulnrichment•added 6 days ago•4 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

Debian CVE•added 6 days ago•7 views

CVE-2026-48501

9.1CVSS5.8AI score0.00038EPSS

Exploits0

CVE•added 6 days ago•11 views

CVE-2026-48501

GitHub CLI (gh) prior to 2.93.0 contains a token leakage vulnerability: a shared HTTP client with an authentication layer attaches user tokens to outgoing requests without proper host detection. The host normalization collapses any *.github.com subdomain to github.com, causing requests to tuf-rep...

9.1CVSS5.8AI score0.00038EPSS

Exploits0References1Affected Software1

Cvelist•added 6 days ago•26 views

CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands

7.4CVSS0.00038EPSS

ATTACKERKB•added 6 days ago•4 views

CVE-2026-48501

Exploits0References2Affected Software1

OSV•added 6 days ago•1 views

OPENSUSE-SU-2026:20841-1 Security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec

This update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec fixes the following issues: Changes in apache-commons-lang3: Update to 3.20.0 New features: + Add SystemProperties.getPathString, Supplier + Add...

5.3CVSS6.5AI score0.00129EPSS

OSV•added 6 days ago•2 views

OPENSUSE-SU-2026:10894-1 kpt-cli-1.0.0~beta.64-1.1 on GA media

These are all security issues fixed in the kpt-cli-1.0.0beta.64-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS7.1AI score0.00022EPSS

Positive Technologies•added 6 days ago•5 views

PT-2026-45054

Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...

5.5CVSS5.9AI score

OSV•added 6 days ago•5 views

OPENSUSE-SU-2026:10888-1 argocd-cli-3.4.3-1.1 on GA media

These are all security issues fixed in the argocd-cli-3.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

6.1CVSS5.8AI score0.00013EPSS

Exploits1References1

CNNVD•added 6 days ago•6 views

GitHub CLI 安全漏洞

GitHub CLI is an open-source command-line interface for GitHub. Prior to version 2.93.0 of GitHub CLI, there was a security vulnerability. This vulnerability stemmed from incorrect authorization headers in API requests to the TUF repository via the gh attestation, gh release verify, and gh releas...

Positive Technologies•added 6 days ago•8 views

PT-2026-45033

Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...

8.6CVSS6.4AI score

Exploits0References5

Positive Technologies•added 6 days ago•5 views

PT-2026-44905

OSV•added last week•8 views

Exploits0References2

MAL-2026-4862 Malicious code in veloxml-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 57a2b332595fb95752df25e794528ff2dd610bf3977b8d4abd7574cb0f21cdff The package advertises fake functionality and exfiltrates the given email and basic information about the host when used. --- Category: MALICIOUS - The campaig...

5.9AI score

OSSF Malicious Packages•added last week•9 views

Malicious code in veloxml-cli (PyPI)

5.9AI score