Lucene search
K

9 matches found

CVE
CVE
added 2026/05/22 7:24 p.m.34 views

CVE-2026-5817

CVE-2026-5817 affects the vllm-metal backend used by Docker Model Runner on macOS. The backend loads model tokenizers with trust_remote_code=True, causing transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files from models pulled from an OCI registry. This can en...

8.8CVSS6.5AI score0.00224EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-42830

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...

8.8CVSS6.4AI score0.00224EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/19 3:39 p.m.11 views

MCP Registry: OCI validator skips ownership check on upstream rate limits

OCI ownership validation fails open on upstream rate limits, allowing attacker to claim arbitrary public OCI images under their own namespace Severity: Low re-scored post-triage; see Maintainer triage note below Affected: modelcontextprotocol/registry main branch at commit fe0cb3b current HEAD as...

3.5CVSS6AI score0.00206EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/21 2:8 a.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ExtractPluginFromImage function. An attacker can cause disk exhaustion by supplying a crafted container image containing a decompression bomb, which decompresses to an arbitrarily large file during plugin...

6.5CVSS5.4AI score0.00218EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/07/08 1:0 a.m.5 views

podman: podman missing TLS verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3CVSS7.3AI score0.00397EPSS
Exploits0References6
OSV
OSV
added 2025/06/24 2:15 p.m.5 views

UBUNTU-CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3CVSS6.3AI score0.00397EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/06/24 1:50 p.m.2 views

CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

8.3CVSS6.6AI score0.00397EPSS
Exploits0References18Affected Software10
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.5 views

SUSE CVE-2022-23649

Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...

6.5CVSS6.8AI score0.0016EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.4 views

Cosign 信任管理问题漏洞

Cosign is a container signature, verification and storage in the Oci registry in the U.S. Versions prior to Cosign 1.5.2 are vulnerable to trust management issues, which can be exploited by attackers to access signatures in the OCI and manipulate cosign...

3.3CVSS5.5AI score0.0016EPSS
Exploits0References3
Rows per page
Query Builder