Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.8 views

CVE-2026-5222

A flaw was found in rust-cargo. The Cargo tool, used for managing Rust projects, incorrectly handled the URLs of third-party registries when using the sparse index protocol. This vulnerability could allow an attacker, who is able to publish packages in a registry, to obtain sensitive credentials...

6.5CVSS5.3AI score0.00328EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 5:2 p.m.47 views

MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

5.8AI score0.00409EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2025/03/11 3:27 p.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 3:27 p.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 3:27 p.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 3:27 p.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Veracode
Veracode
added 2024/05/22 10:46 a.m.56 views

Container Registry Credential Leak

Trivy is vulnerable to Container Registry Credential Leak. The vulnerability is due to insufficient registry domain validation which results in container registry credential leakage. An attacker must convince a user intro scanning a malicious container, which then allows an attacker to push/pull...

5.5CVSS6.6AI score0.0019EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder