Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31801

zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7CVSS5.8AI score0.00212EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 8:57 p.m.4 views

GO-2026-4668 zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot

zot’s create-only policy allows overwrite attempts of existing latest tag update permission not required in zotregistry.dev/zot. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

7.7CVSS5.8AI score0.00212EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/10 11:44 p.m.4 views

EUVD-2026-10891

zot’s create-only policy allows overwrite attempts of existing latest tag update permission not required...

7.7CVSS5.8AI score0.00212EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/10 11:44 p.m.4 views

EUVD-2026-10890

zot’s create-only policy allows overwrite attempts of existing latest tag update permission not required...

7.7CVSS5.8AI score0.00212EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24461

Name of the Vulnerable Software and Affected Versions zot versions 1.3.0 through 2.1.14 Description zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. The dist-spec authorization middleware incorrectly infers the required action for PUT...

9.9CVSS7.1AI score0.22162EPSS
Exploits70References135
OSV
OSV
added 2025/08/01 2:44 p.m.3 views

SUSE-SU-2025:02592-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 2.5.3 jscSLE-23879: - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego bsc1246725 Changelog: Update to 2.5.3: - Add signing-config create command 4280 - Allow multiple services to be specified for trusted-ro...

7.4CVSS5.8AI score0.0036EPSS
Exploits0References3
Rows per page
Query Builder