1091 matches found
CVE-2026-44427
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...
EUVD-2026-30491
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...
CVE-2026-44427
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...
CVE-2026-41612
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...
CVE-2026-42196 django-s3file: Relative path traversal
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...
CVE-2026-42196
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...
CVE-2026-42196
CVE-2026-42196 affects django-s3file prior to version 7.0.2. The vulnerability resides in the S3FileMiddleware, which can be induced by a modified request to perform relative path traversal, causing the Django application to load files from arbitrary locations into request.FILES. This can lead to...
CVE-2026-41612
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...
EUVD-2026-29695
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...
CVE-2026-41612
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...
Visual Studio Code Information Disclosure Vulnerability
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...
PT-2026-40248
Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description A relative path traversal issue in Visual Studio Code Live Preview allows an unauthorized attacker to disclose local information. Path traversal is a flaw that enables users to...
CVE-2026-29201
Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...
CVE-2026-29201
Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...
CVE-2026-29201
Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...
MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...
GHSA-V8VW-GW5J-W7M6 MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect in the TrailingSlashMiddleware function. An attacker can redirect users to arbitrary external domains by crafting a request with a protocol-relative path, leading to potential phishing or malware distribution attacks...
django-s3file is vulnerable to relative path traversal
Impact S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES Depending on how files are handled, this may lead to...
GHSA-67QG-7284-2277 django-s3file is vulnerable to relative path traversal
Impact S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES Depending on how files are handled, this may lead to...