Lucene search
K

4 matches found

OSV
OSV
added 2026/06/26 4:46 p.m.5 views

CVE-2026-55448 mise: Local credential_command executes untrusted config

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credentialcommand from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...

6.3CVSS6.2AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 2:16 p.m.12 views

CVE-2026-9758

Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted...

7.3CVSS0.00119EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2026/01/22 4:0 p.m.17 views

How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain

Key Takeaways Pulling container images from public registries is a trust decision, not a neutral operational step. The impact extends to infrastructure stability, cloud spend, and security risk. Cryptomining is the most common form of malicious abuse in public container images, driven by the ease...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/06/27 1:6 p.m.5 views

golang: net/mail: comments in display names are incorrectly handled

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

7.5CVSS7.3AI score0.01042EPSS
Exploits0References4
Rows per page
Query Builder