Security Bulletin: IBM Rhapsody Systems Engineering is using @modelcontextprotocol/sdk-1.15.0 which is vulnerable to CVE-2026-0621

Summary A security vulnerability was identified in the @modelcontextprotocol/sdk package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2026-0621...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service (CVE-2026-0621)

Summary Node.js module @modelcontextprotocol/sdk is found in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address th...

CVE-2026-0621 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards...

CVE-2021-0621

In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383...

CVE-2026-0621 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, kibana, langfuse-fips, librechat, opensearch-dashboards...

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVE-2026-0621

CVE-2026-0621 affects Anthropic’s MCP TypeScript SDK up to v1.25.1. The vulnerability is a ReDoS in the UriTemplate class when processing RFC 6570 exploded array patterns, where the generated regex uses nested quantifiers that can backtrack catastrophically. Exploitation requires sending a crafte...

EUVD-2026-0621

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

CVE-2024-0621

The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2023-0621

creationtimestamp| type| source ---|---|--- 2025-01-17 22:57:08+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2242...

CVE-2024-0621

creationtimestamp| type| source ---|---|--- 2024-03-06 16:46:41+00:00| seen| https://t.me/ctinow/201506...

CVE-2024-0621

The CVE-2024-0621 entry concerns the WordPress plugin Simple Share Buttons Adder. Public sources in the Connected documents confirm a Stored Cross-Site Scripting (XSS) vulnerability via admin settings in all versions up to and including 8.4.11, caused by insufficient input sanitization and output...

WordPress Simple Share Buttons Adder Plugin <= 8.4.11 is vulnerable to Cross Site Scripting (XSS)

Software Simple Share Buttons Adder Type Plugin Vulnerable versions = 8.4.11 Fixed in 8.4.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0621 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 449c4b786154 Credits Akbar...

RHSA-2024:0621

creationtimestamp| type| source ---|---|--- 2024-01-30 17:16:12+00:00| seen| https://t.me/ctinow/176082...

Oracle Linux 5 : ELSA-2013-0621-1: / kernel (ELSA-2013-06211)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-06211 advisory. - Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACESETREGS ptrace system...

Important Photon OS Security Update - PHSA-2023-3.0-0621

Updates of 'openldap', 'linux-esx', 'linux-secure', 'linux-aws', 'linux-rt', 'linux' packages of Photon OS have been released...

Ransom Lockbit 3.0 MVID-2022-0621 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/38745539b71cf201bb502437f891d799B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom Lockbit 3.0 Vulnerability: Code Execution Description: The ransomware apparently n...

CVE-2022-0621

The CVE-2022-0621 case concerns the WordPress dTabs plugin (versions ≤ 1.4). The vulnerability arises because the tab parameter is not sanitized/escaped before being echoed in an admin page, causing a Reflected Cross-Site Scripting (XSS) condition. Affected component: dTabs plugin’s admin output ...

CVE-2022-0621 dTabs <= 1.4 - Reflected Cross-Site Scripting

The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...