GO-2026-4911 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) in github.com/docker/model-runner
Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) in github.com/docker/model-runner...
PT-2026-29104
Name of the Vulnerable Software and Affected Versions: Docker Model Runner versions prior to 1.1.25; Docker Desktop versions prior to 4.67.0. Description: The software contains a Server-Side Request Forgery (SSRF) issue within the OCI registry token exchange process. When retrieving a model, the softwa...
CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59060
Summary: CVE-2025-59060 describes a hostname verification bypass in Apache Ranger’s NiFiRegistryClient/NiFiClient. The issue is reported for Apache Ranger versions ≤ 2.7.0 and is fixed by upgrading to version 2.8.0. Affected components: NiFiRegistryClient and NiFiClient within Apache Ranger. Root...
CVE-2025-59060 Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
PT-2026-22729
Name of the Vulnerable Software and Affected Versions: Apache Ranger versions prior to 2.8.0. Description: A hostname verification bypass issue exists in Apache Ranger NiFiRegistryClient/NiFiClient. This issue allows bypassing hostname verification. Recommendations: Upgrade to version 2.8.0...
Apache Ranger Security Vulnerability
Apache Ranger is a set of security measures implemented for Hadoop clusters by the Apache Foundation. This product provides central security policy management to address core enterprise security requirements such as authorization, settlement, and data protection. Apache Ranger versions 2.7.0 and...
CVE-2026-2733
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
PT-2026-20651
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
EUVD-2024-2641
Malicious code in bioql (PyPI)...
Malicious code in production_registry_client (npm)
The package production_registry_client was found to contain malicious code...
MAL-2025-29711 Malicious code in production_registry_client (npm)
The package production_registry_client was found to contain malicious code...
Malicious code in artifact-registry-client (npm)
Source: ghsa-malware (53156ca17e2b337cc206264bd5506b359075734acd01374129803b3eff0732fc). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-24882 regclient may ignore pinned manifest digests
regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1...
CVE-2025-24882
In regclient (Go), a vulnerability exists where a malicious registry could return a different digest for a pinned manifest without detection. This is fixed in version 0.7.1. Affected: regclient’s Docker/OCI registry client functionality; root cause details are th...