Lucene search
K

6 matches found

OSV
OSV
added 2026/06/26 9:8 p.m.3 views

GHSA-RP72-5V5Q-2446 @cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url

Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...

5.8AI score
Exploits0References2
Veracode
Veracode
added 2019/01/15 9:2 a.m.23 views

Information Disclosure

openstack-keystone is vulnerable to information disclosure attacks. The vulnerability exists as the catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint,...

4CVSS5.2AI score0.02109EPSS
Exploits1References15Affected Software1
Openbugbounty
Openbugbounty
added 2017/06/18 2:35 a.m.13 views

qualityplaysets.com XSS vulnerability

Vulnerable URL: http://www.qualityplaysets.com/Catalog.asp?Submit=List=Residential=1/-///'/"//--...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/10/22 5:21 p.m.46 views

Important: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...

7.8CVSS5.8AI score0.03155EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2014/10/22 5:21 p.m.6 views

openstack-keystone: configuration data information leak through Keystone catalog

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...

4CVSS5.7AI score0.02109EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2014/10/02 2:0 p.m.19 views

CVE-2014-3621

The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...

4CVSS5.8AI score0.02109EPSS
Exploits1
Rows per page
Query Builder