Lucene search
K

186 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-19263

Malware in sbrugna...

4.7CVSS4.9AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17929

Malware in sbrugna...

8.8CVSS8.7AI score0.0094EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0845

Malicious code in bioql PyPI...

5.7CVSS5.6AI score0.0051EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1035

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00522EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2025/09/30 12:0 a.m.6 views

Securing MCP Servers with Spring AI

Model Context Protocol, or MCP for short, has taken over the AI world. If you've been following our blog, you've probably read the introduction to the topic, Connect Your AI to Everything: Spring AI's MCP Boot Starters. The security aspects of MCP have been evolving fast, and the latest version o...

6.6AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/09/11 12:0 a.m.7 views

Spring Authorization Server moving to Spring Security 7.0

Spring Authorization Server has come a long way since 1.0 was officially released in November 2022. Starting as a project separate from Spring Security, has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers. It ha...

6.8AI score
Exploits0
CVE
CVE
added 2025/08/28 10:14 p.m.16 views

CVE-2025-58062

CVE-2025-58062 affects LSTM-Kirigaya’s openmcp-client (VSCode plugin for MCP developers) prior to version 0.1.12. On Windows, if a user connects to an attacker-controlled MCP server, an attacker can provision a malicious authorization server endpoint that enables an OS command injection in the op...

7.3CVSS6.8AI score0.01259EPSS
Exploits0References3
OSV
OSV
added 2025/08/28 10:14 p.m.3 views

CVE-2025-58062 LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow

LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in th...

7.3CVSS7.4AI score0.01259EPSS
Exploits0References5
Spring Security Advisories
Spring Security Advisories
added 2025/08/26 12:0 a.m.6 views

This Week in Spring - August 26th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the floor of SpringOne, live from lovely Las Vegas! As you can imagine, I've got to get back into it, so we'll make this one a quick one. And if you're here, be sure to say "hi"! In last week's A Bootifu...

7.1AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/08/19 12:0 a.m.8 views

This Week in Spring - August 19th, 2025

Hi, Spring fans! Welcome to another extra special installment of This Week in Spring - special because the next installment will be delivered from the floors of the Ventian where the extraordinairily awesome SpringOne 2025 event will take place! So, some poetry: T’was the Week Before SpringOne...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.9 views

OAuth Dynamic Client Registration Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible OAuth Dynamic Client Registration endpoint on the target application. OAuth Dynamic Client Registration allows clients to register dynamically with an authorization server and is very common in...

7.2AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.7 views

CVE-2024-22258

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

6.1CVSS6.9AI score0.00522EPSS
Exploits0References1
OSV
OSV
added 2025/05/01 1:15 a.m.4 views

CVE-2025-4143

The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirecturi was on the allowed list of redirect URIs for the given client registration. Fixed in: ...

6.1CVSS5.7AI score0.00268EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2025/04/02 12:0 a.m.24 views

Securing Spring AI MCP servers with OAuth2

Spring AI offers support for Model Context Protocol, or MCP for short, which allows AI models to interact with and access external tools and resources in a structured way. With Spring AI, developers can create their own MCP Servers and expose capabilities to AI models in just a few lines of code...

7AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/03/18 12:0 a.m.70 views

This Week in Spring – March 18th, 2025

Hi, Spring fans! I just got back from the amazing JavaOne show held in Redwood Shores. It was a fun, uproarious event and a great chance to reconnect with tons of friends, old and new. I love this community! One of the central highlights of this show? Java 24 is here, finally! And, as usual, we'v...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/05 12:46 a.m.12 views

CVE-2025-27370

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the privatekeyjwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...

6.9CVSS7.2AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2025/03/03 6:15 p.m.8 views

CVE-2025-27370

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the privatekeyjwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References5
NVD
NVD
added 2025/03/03 6:15 p.m.27 views

CVE-2025-27370

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the privatekeyjwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...

6.9CVSS0.00319EPSS
Exploits0References5
CVE
CVE
added 2025/03/03 12:0 a.m.58 views

CVE-2025-27370

CVE-2025-27370 concerns OpenID Connect Core through 1.0 errata set 2. when private_key_jwt authentication is used, an attacker-controlled Authorization Server can induce a Client to accept a manipulated audience value (e.g., other token endpoints or issuer identifiers). This audience injection co...

6.9CVSS7AI score0.00319EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/03/03 12:0 a.m.6 views

CVE-2025-27370

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the privatekeyjwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...

6.9CVSS7AI score0.00319EPSS
Exploits0References5
Rows per page
Query Builder