GHSA-W48Q-CV73-MX4W Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPServerTransport or SSEServerTransport and has not enabled...

PT-2025-48779

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

CVE-2024-51999

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

CVE-2024-51999

Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express 'query parser': 'extended', the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match...

CVE-2024-51999

...

CVE-2024-51999

...

CVE-2024-51999

CVE-2024-51999 is rejected and not a valid vulnerability entry.

EUVD-2025-200074

express improperly controls modification of query properties...

GHSA-PJ86-CFQH-VQX6 Withdrawn Advisory: express improperly controls modification of query properties

Withdrawn Advisory This advisory has been withdrawn because it describes a correctness bug, not a vulnerability with real security impact. This link is maintained to preserve external references. Original Description Impact when using the extended query parser in express 'query parser': 'extended...

EUVD-2025-199511

Malicious code in @antstackio/express-graphql-proxy npm...

MAL-2025-191188 Malicious code in @antstackio/express-graphql-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ae25cf8547b5efb95597b0e90ea4105e03417563ff724dd9c720c49b4c52d2 The package @antstackio/express-graphql-proxy was found to contain malicious code. Source: google-open-source-security...

Malicious code in express-starter-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f7f0e424be1b6e1710d9f2670a4a9b6fbc48636560f8af2025d15de19f01e03 The package express-starter-template was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199156

Malicious code in express-starter-template npm...

MAL-2025-191089 Malicious code in express-starter-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f7f0e424be1b6e1710d9f2670a4a9b6fbc48636560f8af2025d15de19f01e03 The package express-starter-template was found to contain malicious code. Source: ghsa-malware...

org.webjars.npm:express (=5.1.0), org.webjars.npm:modelcontextprotocol__sdk (=1.12.1) potentially affected by CVE-2025-13466 via org.webjars.npm:body-parser (=2.2.0)

org.webjars.npm:body-parser MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:body-parser and may be impacted: - org.webjars.npm:express =5.1.0 - org.webjars.npm:modelcontextprotocolsdk =1.12.1 Source cves:...

CVE-2025-12349

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

K000157901: Intel(R) PCIe Switch software vulnerability CVE-2025-24323

Security Advisory Description Improper access control in some firmware package and LED mode toggle tool for some IntelR PCIe Switch software before version MR41.0b1 may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-24323 Impact There is no impact...

EUVD-2025-198122

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

CVE-2025-12349

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

CVE-2025-12349 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...