6 matches found
CVE-2026-33697
CVE-2026-33697 affects CoCoS’ attested TLS (aTLS) across v0.4.0–v0.8.2 on AMD SEV-SNP and Intel TDX. An attacker who can extract the ephemeral TLS private key used during intra-handshake attestation can relay or divert an attested TLS session because the attestation evidence is bound to the ephem...
GHSA-J4JW-M6XR-FV6C Soft Serve vulnerable to path traversal attacks
Impact: A path traversal attack lets existing non-admin users access and take over other users' repositories. A malicious user can then modify, delete, and arbitrarily repositories as if they were an admin user, without being explicitly given permissions. Patches: This is patched in v0.8...
CVE-2024-51997
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (Attestation Results Token) token, generated by AS, could be manipulated by a MITM attacker, but the verifier (a CoCo Verification Demander like KBS) could still verify it successfully. In th...
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...
CVE-2022-45299
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...
CVE-2022-46146 Prometheus Exporter Toolkit vulnerable to basic authentication bypass
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...