CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

94 matches found

Github Security Blog•added 2026/06/12 8:8 p.m.•157 views

Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY

Withdrawn Advisory This advisory has been withdrawn because the affected package was incorrectly identified and the actual affected package is not in a supported ecosystem. This link is maintained to preserve external references. Original Description Summary The esbuild Deno module lib/deno/mod.t...

6.1AI score

Exploits0References3Affected Software1

RedhatCVE•added 2026/06/05 7:25 p.m.•6 views

CVE-2026-44430

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification POST /v0/auth/http, POST /v0.1/auth/http uses safeDialContext internal/api/handlers/v0/auth/http.go:67-110 to refuse dialling...

6.3CVSS5.7AI score0.00285EPSS

Exploits1References1

Tenable Nessus•added 2026/05/27 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-5223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of...

6.5CVSS5.6AI score0.00294EPSS

Exploits0References3

Redos•added 2026/05/26 12:0 a.m.•12 views

ROS-20260526-73-0016

Vulnerability in the registry related to flaws in the authorization mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

6.5CVSS5.8AI score0.00294EPSS

Exploits1

EUVD•added 2026/05/19 3:39 p.m.•8 views

EUVD-2026-30489

MCP Registry: OCI validator skips ownership check on upstream rate limits...

3.5CVSS5.8AI score0.00206EPSS

Exploits0References2

NVD•added 2026/05/14 9:16 p.m.•9 views

CVE-2026-44430

6.3CVSS0.00285EPSS

Exploits1References1

ATTACKERKB•added 2026/05/14 9:9 p.m.•2 views

CVE-2026-44428

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...

2.1CVSS5.8AI score0.00219EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/14 4:53 p.m.•7 views

CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS5.8AI score0.00294EPSS

Exploits1References1

OSV•added 2026/05/04 8:48 p.m.•2 views

GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details When storage.delete.enabled is configured to false,...

6.3CVSS5.8AI score0.00294EPSS

Exploits1References3

Github Security Blog•added 2026/04/06 11:9 p.m.•3 views

PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

Summary PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...

7.3CVSS6.1AI score0.00291EPSS

Exploits1References4Affected Software1

CVE•added 2026/03/12 7:11 p.m.•12 views

CVE-2026-2376

CVE-2026-2376 affects mirror-registry. The issue arises when an authenticated user supplies malicious web addresses; the application follows redirects without verifying the final destination, enabling requests to be routed to unintended internal or restricted systems. Documented impact is exposur...

5.4CVSS5.8AI score0.00156EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/03/11 7:32 p.m.•4 views

CVE-2026-3951

A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can ...

5.3CVSS4.3AI score0.00296EPSS

Exploits0References6Affected Software1

Packet Storm•added 2025/12/03 12:0 a.m.•194 views

📄 Microsoft Windows 11 Build 10.0.22631.6199 Registry Vulnerability Testing Tool

This is a C/C++ proof-of-concept PoC program designed to test for a specific vulnerability within the Windows Registry handling mechanism, often related to key duplication or improper permission checks during certain API calls like RegCopyTreeW...

6.9AI score

Exploits0

EUVD•added 2025/11/12 8:46 p.m.•3 views

EUVD-2025-133744

Malicious code in teate-thy-py-gotu npm...

6.6AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-13145

Malware in sbrugna...

5CVSS5.1AI score0.00537EPSS

Exploits0References3