1091 matches found

NVD
added 2026/05/14 10:16 p.m., 14 views

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

EPSS: 0.00409
Exploits: 0, References: 1

EUVD
added 2026/05/14 9:07 p.m., 12 views

EUVD-2026-30491

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

AI score: 5.8, EPSS: 0.00409
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/14 9:07 p.m., 7 views

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

AI score: 5.8, EPSS: 0.00409
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/05/13 8:23 p.m., 13 views

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00495
Exploits: 0, References: 1

Vulnrichment
added 2026/05/12 8:58 p.m., 10 views

CVE-2026-42196 django-s3file: Relative path traversal

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00564
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/12 8:58 p.m., 9 views

CVE-2026-42196

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00564
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/05/12 8:58 p.m., 12 views

CVE-2026-42196

CVE-2026-42196 affects django-s3file prior to version 7.0.2. The vulnerability resides in the S3FileMiddleware, which can be induced by a modified request to perform relative path traversal, causing the Django application to load files from arbitrary locations into request.FILES. This can lead to...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00564
Exploits: 0, References: 1

NVD
added 2026/05/12 6:17 p.m., 17 views

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVSS: 5.5, EPSS: 0.00495
Exploits: 0, References: 1

EUVD
added 2026/05/12 4:58 p.m., 14 views

EUVD-2026-29695

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00495
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/12 4:58 p.m., 7 views

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00495
Exploits: 0, References: 2, Affected Software: 1

Microsoft CVE
added 2026/05/12 2:00 p.m., 15 views

Visual Studio Code Information Disclosure Vulnerability

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00495
Exploits: 0

Positive Technologies
added 2026/05/12 12:00 a.m., 14 views

PT-2026-40248

Name of the Vulnerable Software and Affected Versions: Visual Studio Code (affected versions not specified). Description: A relative path traversal issue in Visual Studio Code Live Preview allows an unauthorized attacker to disclose local information. Path traversal is a flaw that enables users to...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00495
Exploits: 0, References: 4

NVD
added 2026/05/08 7:16 p.m., 16 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVSS: 8.6, EPSS: 0.00435
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/08 6:51 p.m., 7 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00435
Exploits: 0, References: 2, Affected Software: 3

Cvelist
added 2026/05/08 6:51 p.m., 36 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVSS: 8.6, EPSS: 0.00435
Exploits: 0, References: 1

Github Security Blog
added 2026/05/08 5:02 p.m., 45 views

MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary: The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path, e.g., //evil.com/, that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

AI score: 5.8, EPSS: 0.00409
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/05/08 5:02 p.m., 10 views

GHSA-V8VW-GW5J-W7M6 MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary: The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path, e.g., //evil.com/, that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00409
Exploits: 0, References: 6

Snyk
added 2026/05/08 5:02 p.m., 6 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect in the TrailingSlashMiddleware function. An attacker can redirect users to arbitrary external domains by crafting a request with a protocol-relative path, leading to potential phishing or malware distribution attacks...

CVSS: 7.1, AI score: 5.6, EPSS: 0.00409
Exploits: 0, References: 2

Github Security Blog
added 2026/05/05 8:05 p.m., 11 views

django-s3file is vulnerable to relative path traversal

Impact: S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES. Depending on how files are handled, this may lead to...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00564
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/05/05 8:05 p.m., 10 views

GHSA-67QG-7284-2277 django-s3file is vulnerable to relative path traversal

Impact: S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES. Depending on how files are handled, this may lead to...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00564
Exploits: 0, References: 3