91 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-5223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of...
ROS-20260526-73-0016
Vulnerability in the registry related to flaws in the authorization mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
EUVD-2026-30489
MCP Registry: OCI validator skips ownership check on upstream rate limits...
CVE-2026-44430
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST /v0/auth/http, POST /v0.1/auth/http) uses safeDialContext (internal/api/handlers/v0/auth/http.go:67-110) to refuse dialling...
CVE-2026-44428
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...
CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...
GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration
Summary: Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details: When storage.delete.enabled is configured to false,...
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
Summary: PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...
CVE-2026-2376
CVE-2026-2376 affects mirror-registry. The issue arises when an authenticated user supplies malicious web addresses; the application follows redirects without verifying the final destination, enabling requests to be routed to unintended internal or restricted systems. Documented impact is exposur...
CVE-2026-3951
A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can ...
Microsoft Windows 11 Build 10.0.22631.6199 Registry Vulnerability Testing Tool
This is a C/C++ proof-of-concept (PoC) program designed to test for a specific vulnerability within the Windows Registry handling mechanism, often related to key duplication or improper permission checks during certain API calls like RegCopyTreeW...
EUVD-2025-133744
Malicious code in teate-thy-py-gotu npm...
EUVD-2015-2522
Malware in sbrugna...
EUVD-2017-13145
Malware in sbrugna...
EUVD-2017-6845
Malware in sbrugna...
EUVD-2021-26925
Malware in sbrugna...
EUVD-2010-2559
Malware in sbrugna...
EUVD-2005-4770
Malware in sbrugna...
EUVD-1999-1378
Malware in sbrugna...
EUVD-2006-0568
Malware in sbrugna...