CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•12 views

CVE-2026-49135

CVE-2026-49135 affects CodexBar up to version 0.31.x (before 0.32.0). The issue is insecure temporary file handling in the notarization workflow, enabling a local attacker with access to the same host to read the App Store Connect API key written to a fixed path, pre-create files or symlinks to r...

Cvelist•added 4 days ago•21 views

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

7.2CVSS0.00023EPSS

EUVD•added 4 days ago•9 views

EUVD-2026-33751

Vulnrichment•added 4 days ago•5 views

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

ATTACKERKB•added 4 days ago•8 views

CVE-2026-49135

Positive Technologies•added 4 days ago•10 views

PT-2026-45558

The Hacker News•added 2026/04/13 6:50 a.m.•6 views

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macO...

9.4CVSS6.2AI score0.23896EPSS

Exploits2

SUSE CVE•added 2026/03/25 12:24 a.m.•2 views

SUSE CVE-2026-31959

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

5.3CVSS6AI score0.0002EPSS

Exploits0References3

SUSE CVE•added 2026/03/25 12:24 a.m.•3 views

SUSE CVE-2026-31960

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...

5.3CVSS5.9AI score0.00017EPSS

Exploits0References3

OSV•added 2026/03/12 8:57 p.m.•1 views

GO-2026-4671 Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill

Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval in github.com/anchore/quill...

5.3CVSS5.8AI score0.0002EPSS

OSV•added 2026/03/12 8:57 p.m.•0 views

GO-2026-4672 Quill has DoS via unbounded read of HTTP response body during notarization in github.com/anchore/quill

Quill has DoS via unbounded read of HTTP response body during notarization in github.com/anchore/quill...

5.3CVSS5.8AI score0.00017EPSS

Snyk•added 2026/03/11 8:40 p.m.•0 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via unvalidated URL from Apple notarization log retrieval due to a lack of validation on URLs provided in API responses. An attacker can cause the client to send HTTP or HTTPS requests to arbitrary or...

6CVSS5.9AI score0.0002EPSS

Snyk•added 2026/03/11 8:40 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via an unbounded read of the HTTP response body during notarization. An attacker can exhaust system memory and cause a crash by supplying a maliciously large HTTP response body if the...

6CVSS5.8AI score0.00017EPSS

Snyk•added 2026/03/11 8:40 p.m.•3 views

Allocation of Resources Without Limits or Throttling

6CVSS5.8AI score0.00017EPSS

Snyk•added 2026/03/11 8:40 p.m.•2 views

Allocation of Resources Without Limits or Throttling

6CVSS5.8AI score0.00017EPSS