Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 6:38 p.m.5 views

CVE-2026-52845

A flaw was found in Caddy, an extensible server platform. A remote attacker can exploit a vulnerability in the forwardauth copyheaders functionality. This occurs because Caddy normalizes HTTP headers into Common Gateway Interface CGI variables by replacing hyphens with underscores, allowing a...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References4
OSV
OSV
added 2026/06/18 2:30 p.m.2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS5.9AI score0.00781EPSS
Exploits1References21
OSV
OSV
added 2026/06/01 10:42 a.m.5 views

SUSE-SU-2026:21881-1 Security update for helm

This update for helm fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References5
OSV
OSV
added 2026/05/30 8:16 a.m.4 views

SUSE-SU-2026:22001-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

7.5CVSS5.5AI score0.00781EPSS
Exploits1References5
OSV
OSV
added 2026/05/30 8:16 a.m.7 views

SUSE-SU-2026:21952-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 3:46 p.m.5 views

SUSE-SU-2026:21915-1 Security update for helm

This update for helm fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/05/25 1:58 p.m.13 views

Security update for helm

This update for helm fixes the following issues Security issues: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References10
OSV
OSV
added 2026/05/25 1:58 p.m.8 views

SUSE-SU-2026:2049-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

7.5CVSS5.8AI score0.00781EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/21 1:3 p.m.11 views

CVE-2026-41888

A flaw was found in Distribution, a software toolkit used for managing container content. This vulnerability allows a remote attacker to bypass security settings designed to prevent the deletion of container tags. By sending a specific request, an attacker can remove tags from repositories even...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.14 views

SUSE CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References10
NVD
NVD
added 2026/05/14 6:16 p.m.14 views

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS0.00294EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 6:16 p.m.15 views

DEBIAN-CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 6:16 p.m.6 views

UBUNTU-CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/14 4:53 p.m.40 views

CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS0.00294EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 4:53 p.m.14 views

EUVD-2026-30341

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS5.8AI score0.00294EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 4:53 p.m.23 views

CVE-2026-41888

CVE-2026-41888 affects the Distribution toolkit (prior to v3.1.1). The issue is that DELETE /v2//manifests/ can bypass storage.delete.enabled: false, letting API clients remove tags from repositories even when deletion is disabled. Impact: unauthorized tag deletions. Remediation: upgrade to v3.1....

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/04 8:48 p.m.4 views

GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...

6.3CVSS5.8AI score0.00294EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-37158

Name of the Vulnerable Software and Affected Versions Distribution versions prior to 3.1.1 Description An authorization bypass exists where tag deletion via the "/v2//manifests/" endpoint ignores the storage.delete.enabled: false configuration. This allows any API client to remove tags from...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References45
OSV
OSV
added 2026/04/08 7:23 p.m.2 views

GHSA-HQXQ-HWQF-WG83 monetr: Protected Transactions Deletable via PUT

Summary A transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion of those transactions via the normal DELETE path. This bypass undermines the intende...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References4
CVE
CVE
added 2026/03/31 8:27 p.m.12 views

CVE-2026-34586

PdfDing (self-hosted PDF manager/editor) is affected by a vulnerability in which check_shared_access_allowed() only validates session existence and does not enforce SharedPdf.inactive (expiration/max views) or SharedPdf.deleted. The Serve and Download endpoints rely on this function, allowing pre...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder