Lucene search
+L

5 matches found

Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-58289

Name of the Vulnerable Software and Affected Versions sigstore-js versions prior to 0.7.1 Description The getRegistryCredentials function reads credentials from the Docker config file and selects an entry by checking if any configured auth key contains the target registry string. Due to the use o...

9.6CVSS5.2AI score0.00321EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39313

🔴 Docker Registry Auth Substring Match Forwards Credentials to a Different Registry CVE-2025-27119, High https://t.co/gO08whMpWZ...

5.8AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/21 4:25 p.m.7 views

Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching

hey guys, triage contract this is a first-screen summary; deterministic proof is in the proof bundle canonical.log/control.log/witness.txt. summary trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern using regexp.MatchString. in go,...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/04/21 4:5 p.m.45 views

CVE-2026-25542 Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...

6.5CVSS0.00264EPSS
Exploits1References2
CVE
CVE
added 2025/08/20 12:0 a.m.18 views

CVE-2025-50864

The CVE-2025-50864 entry describes an Origin Validation Error in the elysia-cors library (through version 1.3.0) that permits unauthorized access to user data. The root cause is improper origin validation: the origin is checked as a substring against any domain in the CORS policy instead of an ex...

6.5CVSS7.1AI score0.00442EPSS
Exploits0References4
Rows per page
Query Builder