Lucene search
K

772 matches found

OSV
OSV
added 2026/05/19 9:12 a.m.10 views

CLSA-2026-1779181947 postfix: Fix of CVE-2026-43964

CVE-2026-43964: fix buffer over-read on enhanced status code without trailing text...

7.5CVSS6AI score0.00415EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-42044

Name of the Vulnerable Software and Affected Versions dasel versions 3.0.0 through 3.3.1 Description The selector lexer contains a flaw that causes a process crash via a Go runtime panic when tokenizing a quoted string that ends with a trailing backslash. This occurs because the escape sequence...

7.5CVSS5.8AI score0.00052EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.8 views

Fedora 43 : perl-Net-CIDR-Lite (2026-9e783d6aa1)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9e783d6aa1 advisory. This update addresses some input validation issues: Reject Unicode digits and trailing newlines in parser inputs CVE-2026-45190 Reject zero-padded...

6.5CVSS5.9AI score0.00311EPSS
Exploits0References3
Veracode
Veracode
added 2026/05/16 5:25 a.m.6 views

Path Traversal

github.com/ctfer-io/monitoring is vulnerable to a Path Traversal. The vulnerability is due to a missing trailing path separator in the strings.HasPrefix check within the sanitizeArchivePath function, which allows an attacker to perform arbitrary file writes via a crafted archive, potentially...

9.8CVSS7.1AI score0.00655EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.8 views

Fedora 44 : perl-Net-CIDR-Lite (2026-6f3d2d0d82)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6f3d2d0d82 advisory. This update addresses some input validation issues: Reject Unicode digits and trailing newlines in parser inputs CVE-2026-45190 Reject zero-padded...

6.5CVSS5.9AI score0.00311EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 9:7 p.m.7 views

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

5.8AI score0.00409EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 9:7 p.m.10 views

CVE-2026-44427 MCP Registry: Open Redirect

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

5.8AI score0.00409EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 9:7 p.m.31 views

CVE-2026-44427

The CVE-2026-44427 entry concerns the MCP Registry’s TrailingSlashMiddleware (internal/api/server.go), affecting versions 1.1.0–1.7.4. The vulnerability is an open redirect caused by processing protocol-relative paths (e.g., //evil.com/) without validating the redirect target after trimming trail...

5.8AI score0.00409EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 9:7 p.m.85 views

CVE-2026-44427 MCP Registry: Open Redirect

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

0.00409EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/05/14 10:35 a.m.38 views

curl: Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match

Hi all, Sorry to ruin anybody's day, but we've discovered another issue when it comes to dots. We've found a TLS certificate verification bypass that lets a trailing-dot IPv4 URL -- https://127.0.0.1./ -- pass peer authentication against a wildcard DNS SAN certificate such as DNS:.0.0.1. The IP...

4.3CVSS5.9AI score0.01118EPSS
Exploits1
Hacker One
Hacker One
added 2026/05/13 10:12 p.m.26 views

curl: HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115

Hi all, Honestly, I'm not completely certain about this issue, but I think the CVE-2022-30115 fix "HSTS bypass via trailing dot" is incomplete: the same asymmetry exists for hostnames with two or more trailing dots, so http://example.com../ still gets sent in plaintext when there's a valid HSTS...

4.3CVSS6.8AI score0.01118EPSS
Exploits1
EUVD
EUVD
added 2026/05/10 9:30 p.m.14 views

EUVD-2026-28998

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

5.8AI score0.00311EPSS
Exploits0References4
NVD
NVD
added 2026/05/10 9:16 p.m.21 views

CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

6.5CVSS0.00311EPSS
Exploits0References3
OSV
OSV
added 2026/05/10 9:16 p.m.9 views

DEBIAN-CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/10 8:15 p.m.13 views

CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

5.8AI score0.00311EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 10:11 p.m.35 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 10:11 p.m.22 views

CVE-2026-42345

FastGPT (version 4.14.11 and earlier) exposes an SSRF risk in isInternalAddress() (packages/service/common/system/utils.ts) where a fullUrl.startsWith() hardcoded blocklist can be bypassed by at least 7 URL-encoding techniques that resolve to the cloud metadata endpoint. The broader private IP ch...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:2 p.m.11 views

GHSA-V8VW-GW5J-W7M6 MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

7.1CVSS5.8AI score0.00409EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/08 5:2 p.m.6 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the TrailingSlashMiddleware function. An attacker can redirect users to arbitrary external domains by crafting a request with a protocol-relative path, leading to potential phishing or malware distribution attacks...

7.1CVSS5.6AI score0.00409EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 5:2 p.m.46 views

MCP Registry has open redirect via protocol-relative path in trailing-slash middleware

Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an...

5.8AI score0.00409EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder