18 matches found
CVE-2026-33252
creationtimestamp| type| source ---|---|--- 2026-04-16 10:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mjm7oyxhk32d...
CVE-2026-33252
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization,...
CVE-2026-33252 MCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without Authorizatrion
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization,...
CVE-2026-33252 MCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without Authorizatrion
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization,...
CVE-2026-33252 vulnerabilities
Vulnerabilities for packages: jaeger, datadog-agent, flux-operator, ferretdb, glab, opencost, osv-scanner...
CVE-2025-33252
creationtimestamp| type| source ---|---|--- 2026-02-18 14:18:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5bhtpgd72s 2026-02-18 14:18:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5bio2fvx2s...
CVE-2025-33252
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33252
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2022-33252
Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame...
EUVD-2025-33252
Memory corruption while performing SCM call...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
creationtimestamp| type| source ---|---|--- 2023-05-22 02:24:59+00:00| seen| https://t.me/cibsecurity/64497 2025-01-21 17:00:36+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2419...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus...
CVE-2023-33252
CVE-2023-33252 concerns the iden3 snarkjs library (up to v0.6.11). The root cause is a missing validation of the length of publicSignals against the field modulus, enabling potential double-spending . The CVE is supported by multiple connected reports (Red Hat, OSV, GHSA, NVD, Veracode) documenti...
CVE-2022-33252 Buffer over-read in WLAN
Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame...
CVE-2022-33252
CVE-2022-33252 is a reported information disclosure due to a buffer over-read in WLAN when handling IBSS beacons frames. The vulnerability is described across multiple feeds (NVD/Red Hat/NCSC/PRION/CVE lists) as affecting WLAN/buffer handling, with the issue categorized under information disclosu...