CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

47 matches found

OSV•added 2026/05/19 3:39 p.m.•4 views

GHSA-2V5F-5R6W-P67R MCP Registry: OCI validator skips ownership check on upstream rate limits

OCI ownership validation fails open on upstream rate limits, allowing attacker to claim arbitrary public OCI images under their own namespace Severity: Low re-scored post-triage; see Maintainer triage note below Affected: modelcontextprotocol/registry main branch at commit fe0cb3b current HEAD as...

3.5CVSS6AI score0.0001EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:2 p.m.•4 views

CVE-2026-32248

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

9.8CVSS5.8AI score0.001EPSS

Exploits0References1

Positive Technologies•added 2026/03/22 12:0 a.m.•3 views

PT-2026-27002

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command...

9.8CVSS6.9AI score0.00858EPSS

Exploits1References4

OSV•added 2026/03/16 9:53 a.m.•2 views

BIT-PARSE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier...

9.8CVSS5.8AI score0.001EPSS

Exploits0References4

NVD•added 2026/03/12 8:16 p.m.•3 views

CVE-2026-32248

9.8CVSS0.001EPSS

Exploits0References3

Cvelist•added 2026/03/12 7:14 p.m.•22 views

CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

9.3CVSS0.001EPSS

Exploits0References3

ATTACKERKB•added 2026/03/12 7:14 p.m.•2 views

CVE-2026-32248

9.3CVSS5.8AI score0.001EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/03/12 7:14 p.m.•3 views

CVE-2026-32248 Parse Server: Account takeover via operator injection in authentication data identifier

9.3CVSS5.8AI score0.001EPSS

Exploits0References3

OSV•added 2026/03/12 5:29 p.m.•3 views

GHSA-5FW2-8JCV-XH87 Parse Server: Account takeover via operator injection in authentication data identifier

Impact An unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user identifier e.g. anonymous authentication. By sending a crafted login request, the attacker can cause the server to perform a...

9.3CVSS5.8AI score0.001EPSS

Exploits0References5

OSV•added 2026/01/29 10:4 p.m.•3 views

GHSA-9M43-P3CX-W8J5 malcontent OCI image pull credential exfiltration via malicious registry token realm

Malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. Malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a WWW-Authenticate header...

6.5CVSS5.8AI score0.00034EPSS

Exploits0References4

Cvelist•added 2026/01/29 9:2 p.m.•19 views

CVE-2026-24845 malcontent's OCI image scanning could expose registry credentials

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

6.5CVSS0.00034EPSS

Exploits0References2

ATTACKERKB•added 2026/01/29 9:2 p.m.•3 views

CVE-2026-24845

6.5CVSS5.9AI score0.00034EPSS

Exploits0References3Affected Software1

EUVD•added 2026/01/29 9:2 p.m.•4 views

EUVD-2026-4945

6.5CVSS5.9AI score0.00034EPSS

Exploits0References2

AlpineLinux•added 2026/01/29 9:2 p.m.•4 views

CVE-2026-24845

6.5CVSS5.9AI score0.00034EPSS

Exploits0References2

Positive Technologies•added 2026/01/29 12:0 a.m.•4 views

PT-2026-5353

Name of the Vulnerable Software and Affected Versions malcontent versions 0.10.0 through 1.20.3 Description malcontent could reveal Docker registry credentials when scanning a manipulated OCI image reference. The software utilizes google/go-containerregistry for OCI image pulls, which defaults to...

9.9CVSS5.9AI score0.15051EPSS

Exploits44References116

RedhatCVE•added 2025/10/10 8:22 p.m.•2 views

CVE-2025-35062

Newforma Info Exchange NIX before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...

6.9CVSS7.2AI score0.0015EPSS

Exploits0References1

EUVD•added 2025/10/09 9:31 p.m.•2 views

EUVD-2025-33566

6.9CVSS6.8AI score0.0015EPSS

Exploits0References3

NVD•added 2025/10/09 9:15 p.m.•2 views

CVE-2025-35062

9.8CVSS0.0015EPSS

Exploits0References2

CVE•added 2025/10/09 8:22 p.m.•10 views

CVE-2025-35062

Newforma Info Exchange (NIX) before version 2023.1 allows anonymous authentication by default, enabling an unauthenticated attacker to exploit additional vulnerabilities that require authentication. Related sources describe bypass and file-read/upload issues tied to authenticated access and the p...

9.8CVSS6.9AI score0.0015EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/10/09 8:22 p.m.•1 views

CVE-2025-35062 Newforma Info Exchange (NIX) default anonymous access

6.9CVSS6.9AI score0.0015EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by