Lucene search
K

120 matches found

OSV
OSV
added 2026/07/01 9:54 p.m.5 views

GHSA-VH4V-2XQ2-G5CG ORAS Go forwards registry credentials across registry redirects

ORAS Go forwards registry credentials across registry redirects Reporter / public credit: JUNYI LIU Summary ORAS Go can forward registry credentials configured for one registry origin to a different HTTP origin during registry redirects. There are two related paths: 1. A manifest or metadata...

6.9CVSS6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/30 8:38 p.m.7 views

MAL-2026-6698 Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6AI score
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53024

Name of the Vulnerable Software and Affected Versions regclient affected versions not specified Description Authentication credentials for a registry may be leaked to external servers. This occurs when a malicious registry server, a malicious blob store, or a registry that fails to restrict...

6.8CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2026/06/25 6:16 p.m.10 views

CVE-2026-55180

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

6.5CVSS0.00212EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 6:16 p.m.11 views

CVE-2026-50017

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does...

6.9CVSS0.00254EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 10:27 p.m.14 views

Malicious code in arjson (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00290c05e0c41a8f51d38c629ade5b3fe76f2a89302db8daac669b0c80d13197 package.json declares "preinstall": "./.github/scripts/precheck", which on npm install executes a 976KB UPX-packed Linux ELF binary shipped under...

5.6AI score
Exploits0References3
CVE
CVE
added 2026/05/25 8:54 a.m.33 views

CVE-2026-5222

CVE-2026-5222 affects Cargo (versions 1.68–1.96) where URLs of third-party registries using the sparse index protocol are incorrectly normalized. If a hosting provider lets multiple registries share a domain with arbitrary names, an attacker who can publish crates in a registry could obtain crede...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:6 p.m.14 views

@cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to a different registry

Docker registry auth substring match forwards credentials to a different registry Repository cdxgen/cdxgen Affected product/package - Ecosystem: npm - Package: @cyclonedx/cdxgen - Reviewed tree version: 12.3.3 - Reviewed commit: b1e179869fd7c6032c3d483c3f7bd4d7154ec22b - Affected file:...

5.8AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/04 9:0 p.m.10 views

Use of Incorrectly-Resolved Name or Reference

Overview @cyclonedx/cdxgen is a Creates CycloneDX Software Bill of Materials SBOM from source or container image Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in path resolution performed in docker.js, before credential selection. An attacker wh...

5.1CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/30 10:0 p.m.4 views

CVE-2026-28909

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3...

5.8AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 10:0 p.m.11 views

CVE-2026-28909

CVE-2026-28909 affects a container runtime where connecting to malicious registries using hostnames that match bypass patterns can expose registry credentials in plaintext. The issue is mitigated by upgrading to container version 0.12.3. The available sources confirm the vulnerability description...

6.5CVSS5.3AI score0.00199EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

container 安全漏洞

Container is an open-source tool developed by Apple for creating and running Linux containers on Mac devices. Versions of Container prior to 0.12.3 have a security vulnerability. This vulnerability arises when connecting to hosts with domain names that bypass pattern matching, causing registry...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.3 views

FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...

8.1CVSS5.4AI score0.00407EPSS
Exploits0References13
Snyk
Snyk
added 2026/03/12 4:23 p.m.5 views

Malicious Package

Overview minify-mangle-names is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/27 1:5 a.m.13 views

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

3.8CVSS5.3AI score0.00091EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 11:16 a.m.6 views

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

3.8CVSS5.7AI score0.00091EPSS
Exploits0References2
NVD
NVD
added 2026/02/25 11:16 a.m.7 views

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

3.8CVSS0.00091EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 10:33 a.m.6 views

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

3.8CVSS5.3AI score0.00091EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/25 10:33 a.m.12 views

CVE-2025-67860

NeuVector scanner (CVE-2025-67860) is affected: the scanner process accepts registry and controller credentials via command-line arguments, potentially exposing sensitive credentials to local users. Root cause: credentials handled in command-line context. Impact: limited confidentiality risk (Low...

3.8CVSS5.3AI score0.00091EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

Harvester 安全漏洞

Harvester is a modern, open, interoperable, Kubernetes-based hyper-converged infrastructure HCI solution developed by harvesterhci. Harvester has a security vulnerability, which stems from the scanner process accepting registry and controller credentials as command-line parameters, potentially...

3.8CVSS5.8AI score0.00091EPSS
Exploits0References2
Rows per page
Query Builder