Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 7:51 a.m.9 views

CVE-2026-56121

A flaw was found in Feast. This vulnerability allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a specially crafted gRPC request to the registry server, attackers can exploit an unsafe deserialization process. This enables them to execute operating syst...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References7
Snyk
Snyk
added 2026/06/24 4:16 p.m.6 views

Deserialization of Untrusted Data

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ApplyFeatureView handler of registryserver.py, which calls FeatureView.fromproto and deserializes the feature view's embedded user-defined function before the appl...

9.8CVSS6.2AI score0.00862EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:49 p.m.6 views

CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.20 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References10
NVD
NVD
added 2026/05/14 10:16 p.m.69 views

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

0.00409EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 7:23 p.m.11 views

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS

Summary The WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token configured, any local process can send arbitrarily large...

7.5CVSS5.8AI score0.00334EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.6 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

7.5CVSS0.00334EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/09 9:19 p.m.3 views

CVE-2026-40115 PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS5.8AI score0.00334EPSS
Exploits1References1
CVE
CVE
added 2026/04/09 9:19 p.m.25 views

CVE-2026-40115

The provided sources confirm a concrete vulnerability in PraisonAI’s WSGI recipe registry server prior to version 4.5.128: the server reads the full HTTP request body into memory based on the client’s Content-Length, with no upper bound, while the Starlette server enforces a 10 MB limit. Combined...

7.5CVSS6AI score0.00334EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/11/12 4:29 a.m.3 views

EUVD-2025-122788

Malicious code in registry-server-jekyll-stream npm...

6.6AI score
Exploits0
GithubExploit
GithubExploit
added 2024/06/26 3:11 a.m.695 views

Exploit for Path Traversal in Ollama

CVE-2024-37032 Path traversal in Ollama with rogue registry se...

8.8CVSS9.1AI score0.89633EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2020/12/22 12:0 a.m.35 views

Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2019-0774)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.9AI score0.37618EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.34 views

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2019-1301)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.6AI score0.37618EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.43 views

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2019-1585)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.6AI score0.37618EPSS
Exploits1References2
myhack58
myhack58
added 2019/09/23 12:0 a.m.161 views

CVE-2019-16097 Harbor privilege elevation vulnerability analysis-vulnerability warning-the black bar safety net

The Harbor is one for the storage and distribution Docker image of the enterprise Registry server, by adding some of the business functions necessary characteristics, such as security, identification, and management, the expansion of the open-source Docker Distribution. As an enterprise-level...

4CVSS0.3AI score0.23284EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2019/06/04 1:25 p.m.4 views

OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS7.2AI score0.37618EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.35 views

RHEL 7 : java-1.7.1-ibm (RHSA-2019:1166)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1166 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...

8.1CVSS7.2AI score0.37618EPSS
Exploits2References12
Mageia
Mageia
added 2019/05/07 9:38 p.m.86 views

Updated java-1.8.0-openjdk packages fix security vulnerability

The updated packages fix several bugs and some security issues: Font layout engine out of bounds access setCurrGlyphID. CVE-2019-2698 Slow conversion of BigDecimal to long. CVE-2019-2602 Incorrect skeleton selection in RMI registry server-side dispatch handling. CVE-2019-2684...

8.1CVSS7.6AI score0.37618EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2019/04/22 4:10 p.m.87 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.7AI score0.37618EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/04/17 3:51 p.m.194 views

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.7AI score0.37618EPSS
Exploits1References4
Rows per page
Query Builder