10 matches found
CVE-2025-14660
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
EUVD-2025-203298
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
CVE-2025-14660
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
CVE-2025-14660
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
CVE-2025-14660 DecoCMS Mesh Workspace Domain api.ts createTool access control
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
CVE-2025-14660 DecoCMS Mesh Workspace Domain api.ts createTool access control
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
CVE-2025-14660
DecoCMS Mesh vulnerability CVE-2025-14660 affects the Workspace Domain Handler component: function createTool in packages/sdk/src/mcp/teams/api.ts allows manipulation of the domain argument, leading to improper access controls. The flaw can be exploited remotely; attack complexity is high, and th...
PT-2025-51162
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...
DecoCMS 访问控制错误漏洞
DecoCMS is a content management system from deco CMS open source. An access control error vulnerability exists in DecoCMS 1.0.0-alpha.31 and earlier versions, which stems from incorrect manipulation of the parameter domain in the file packages/sdk/src/mcp/teams/api.ts, which could lead to imprope...
@astrojs/cloudflare (>=13.0.0 <=14.0.0-alpha.0), @decocms/vite-plugin (>=1.0.0-alpha.1 <=1.0.0-alpha.2) +56 more potentially affected by CVE-2025-59427 via @cloudflare/vite-plugin (>=0.0.0-1bae8618b <=1.39.0)
@cloudflare/vite-plugin NPM version =0.0.0-1bae8618b, =13.0.0, =1.0.0-alpha.1, =0.1.2, =0.1.0, =0.0.9, =1.0.0, =1.0.0, =1.0.0, =0.8.0, =0.3.0, =0.6.1, =0.16.0 and more Source cves: CVE-2025-59427 Source advisory: OSV:GHSA-4PFG-2MW5-F8JX...