Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 9:9 p.m.6 views

CVE-2026-44428 MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...

2.1CVSS5.9AI score0.00219EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/14 6:27 p.m.15 views

Apostrophe has stored XSS via javascript: URL in Image Widget Link

Summary A stored cross-site scripting vulnerability was identified in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to publish pages, the malicious widget can be published to the liv...

7.3CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 5:6 p.m.12 views

GHSA-95C3-6VVW-4MRQ MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience

SECURITY registry001 Vulnerability Report While analyzing the code logic, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: c5c4b9e8890dd5754bee889b2f1417f4fe3b5ce5 - Vulnerability Type: Authentication bypass via cross-registry OID...

4.7CVSS5.8AI score0.00219EPSS
Exploits0References6
OSV
OSV
added 2026/03/30 11:45 a.m.10 views

BIT-NATS-2026-33249 NATS: Message tracing can be redirected to arbitrary subject

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS6AI score0.00228EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/25 8:21 p.m.25 views

CVE-2026-33249 NATS: Message tracing can be redirected to arbitrary subject

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 8:21 p.m.3 views

CVE-2026-33249 NATS: Message tracing can be redirected to arbitrary subject

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/24 8:37 p.m.19 views

NATS: Message tracing can be redirected to arbitrary subject

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server supports telemetry on messages, using the per-message NATS headers. Problem Description A valid client which uses message...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/24 8:37 p.m.3 views

GHSA-8M2X-3M6Q-6W8J NATS: Message tracing can be redirected to arbitrary subject

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server supports telemetry on messages, using the per-message NATS headers. Problem Description A valid client which uses message...

4.3CVSS5.9AI score0.00228EPSS
Exploits0References4
Rows per page
Query Builder