44 matches found
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Impact: A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables (e.g., /id, ?tags), causing catastrophic backtracking on malicious input. Who is...
MCP TypeScript SDK security vulnerability
MCP TypeScript SDK is an open source developer toolkit for Model Context Protocol servers and clients. A security vulnerability exists in MCP TypeScript SDK 1.25.1 and earlier versions, which stems from a regular expression denial of service in the UriTemplate class when...
CVE-2025-6570 PHPGurukul Hospital Management System search.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to SQL injection. The attack may be launched...
CVE-2025-6570
CVE-2025-6570 affects PHPGurukul Hospital Management System 4.0. Affected component: /doctor/search.php; the vulnerability arises from improper handling/manipulation of the searchdata argument, leading to SQL injection. Exploitation can be remote, and public disclosure has occurred. The primary d...
CVE-2012-6570
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remot...
CVE-2024-6570
creationtimestamp | type | source
---|---|---
2024-07-16 12:05:21+00:00 | seen | https://t.me/cvedetector/920...
CVE-2024-6570 Glossary <= 2.2.26 - Unauthenticated Full Path Disclosure
The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due to the plugin utilizing wpdesk and not preventing direct access to the test files along with display_errors being enabled. This makes it possible for unauthenticated...
Ubuntu 16.04 ESM : PostgreSQL vulnerabilities (USN-6570-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6570-1 advisory. Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain...
CVE-2023-6570
creationtimestamp | type | source
---|---|---
2023-12-18 23:17:54+00:00 | seen | https://t.me/ctinow/156186
2024-01-10 21:47:03+00:00 | seen | https://t.me/ctinow/166140...
CVE-2023-6570 Server-Side Request Forgery (SSRF) in kubeflow/kubeflow
Server-Side Request Forgery (SSRF) in kubeflow/kubeflow...
CVE-2023-6570
CVE-2023-6570 describes a Server-Side Request Forgery (SSRF) in kubeflow/kubeflow. The Red Hat entry explains that any user can cause the Kubeflow server to proxy requests via the namespace parameter in /pipeline/artifacts/get, potentially hijacking a user session by stealing the authentication c...
SUSE CVE-2020-6570
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction...
openSUSE Security Update : chromium (openSUSE-2020-1499)
This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.102 (bsc1176306), fixing: - CVE-2020-6573: Use after free in video. - CVE-2020-6574: Insufficient policy enforcement in installer. - CVE-2020-6575: Race in Mojo. - CVE-2020-6576: Use after free in...
CVE-2020-6570
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction...
UBUNTU-CVE-2020-6570
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction...
CVE-2020-6570
Technical details for CVE-2020-6570 are not present in the provided connected documents. Information is limited to the initial description. Monitor for updates.