Lucene search
+L

211 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-50562

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44749

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS6.1AI score0.00151EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-50562

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS6.1AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-50562 FastGPT: Untrusted PR artifacts are pushed and deployed by privileged preview workflows

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00151EPSS
Exploits0References1
CVE
CVE
added 4 days ago5 views

CVE-2026-50562

CVE-2026-50562 describes a supply-chain risk in FastGPT where, at commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted PR code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged workflo...

9.3CVSS6.1AI score0.00151EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 8:42 p.m.10 views

Important: Red Hat Security Advisory: Technical preview of the satellite/iop-vmaas-rhel9 container image

A new satellite/iop-vmaas-rhel9 container image is now available as a technical preview in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running...

8.9CVSS6.7AI score0.01438EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/07/01 8:42 p.m.18 views

Important: Red Hat Security Advisory: Technical preview of the satellite/iop-vulnerability-frontend-rhel9 container image

A new satellite/iop-vulnerability-frontend-rhel9 container image is now available as a technical preview in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed package...

8.7CVSS7.3AI score0.01041EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2026/06/16 8:53 a.m.12 views

Moderate: Red Hat Security Advisory: General availability of the satellite/iop-yuptoo-rhel9 container image

A new satellite/iop-yuptoo-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and...

8.2CVSS5.2AI score0.00527EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-1338

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/05/29 12:0 a.m.6 views

The vulnerability of the access control model for the container registry in the Git repository management system Gitea allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the access control model for the container registry in the Git repository management system Gitea is related to the lack of authentication for the critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

7.8CVSS6.1AI score0.40738EPSS
Exploits1References8Affected Software1
GithubExploit
GithubExploit
added 2026/05/27 3:54 p.m.204 views

Exploit for CVE-2026-27771

CVE-2026-27771 — Gitea Container Registry Auth Bypass CVSS:...

6AI score0.40738EPSS
Exploits1
NVD
NVD
added 2026/05/22 8:16 p.m.22 views

CVE-2026-5817

The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...

8.8CVSS0.00224EPSS
Exploits1References1
CVE
CVE
added 2026/05/22 7:24 p.m.38 views

CVE-2026-5817

CVE-2026-5817 affects the vllm-metal backend used by Docker Model Runner on macOS. The backend loads model tokenizers with trust_remote_code=True, causing transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files from models pulled from an OCI registry. This can en...

8.8CVSS6.5AI score0.00224EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.23 views

PT-2026-42830

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...

8.8CVSS6.4AI score0.00224EPSS
Exploits1References5
OSV
OSV
added 2026/05/20 7:7 p.m.9 views

GO-2026-5008 MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry

MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry...

3.5CVSS5.8AI score0.00206EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 3:39 p.m.12 views

MCP Registry: OCI validator skips ownership check on upstream rate limits

OCI ownership validation fails open on upstream rate limits, allowing attacker to claim arbitrary public OCI images under their own namespace Severity: Low re-scored post-triage; see Maintainer triage note below Affected: modelcontextprotocol/registry main branch at commit fe0cb3b current HEAD as...

3.5CVSS6AI score0.00206EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/18 6:9 a.m.10 views

BIT-GITLAB-2026-1338 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References4
NCSC
NCSC
added 2026/05/15 9:27 a.m.69 views

Vulnerabilities are handled in GitLab through GitLab Inc.

GitLab Inc. has addressed several vulnerabilities in GitLab Community Edition CE and Enterprise Edition EE in various versions, particularly in releases from version 8.3 to 18.11.3. These vulnerabilities concern various components and functions within GitLab, including Jira integration, container...

8.7CVSS5.8AI score0.00355EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 6:16 p.m.8 views

UBUNTU-CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References3
OSV
OSV
added 2026/05/14 4:53 p.m.2 views

CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS6.6AI score0.00294EPSS
Exploits1References3
Rows per page
Query Builder