4 matches found
CVE-2026-55448 mise: Local credential_command executes untrusted config
mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credentialcommand from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...
CVE-2026-9758
Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted...
How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain
Key Takeaways Pulling container images from public registries is a trust decision, not a neutral operational step. The impact extends to infrastructure stability, cloud spend, and security risk. Cryptomining is the most common form of malicious abuse in public container images, driven by the ease...
golang: net/mail: comments in display names are incorrectly handled
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...