7 matches found
CVE-2026-44427 MCP Registry: Open Redirect
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...
Canon Oce Colorwave 500 Cross-Site Scripting Vulnerability (CNVD-2020-18989)
The Canon Oce Colorwave 500 is a printer from Canon Japan. A cross-site scripting vulnerability exists in the /TemplateManager/indexExternalLocation.jsp file of the web application in Canon Oce Colorwave 500 version 4.0.0.0. The vulnerability stems from the WEB application lacking proper validati...
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '' forward slashes sequences that can resolve to a location that is outside of that directory when...
Xxe
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table...
CVE-2017-7677
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table...
CVE-2017-7677
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table...
CVE-2017-7677
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table...