3 matches found
CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-097 (ALASDOCKER-2026-097)
The version of runfinch-finch installed on the remote host is prior to 1.14.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-097 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the matchSignatures function in cosign.go, which does not check for subjectRegExp or issuerRegExp values during artifact signature verification. An attacker can deploy unauthorized...