CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

Siemens多款产品 参数注入漏洞

Siemens RUGGEDCOM ROX RX1500, among others, are products of the German company Siemens. The Siemens RUGGEDCOM ROX RX1500 is a communication device. The Siemens RUGGEDCOM ROX RX1501 is also a communication device. The Siemens RUGGEDCOM ROX RX1510 is another communication device. Several Siemens...

Network-AI 访问控制错误漏洞

Network-AI is a multi-agent orchestration and governance tool developed by Jovan Marinovic. Versions prior to Network-AI 5.1.3 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication, session, source, or token checks for JSON-RPC tool calls transmitte...

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

CVE-2026-41495 n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

n8n-MCP 日志信息泄露漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.47.11 contained a vulnerability related to log information leakage. This vulnerability occurred when POST /mcp requests under HTTP transmission mode wrote metadata...

Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

CVE-2026-6942

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2cmdstr. Attackers can inject shell metacharacters throu...

CVE-2026-6942 radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2cmdstr. Attackers can inject shell metacharacters throu...

n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

GHSA-PFM2-2MHG-8WPX n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

Impact When n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authentication outcome. In deployments where logs are collected, forwarded to external systems, or viewable outside the request trust...

PT-2026-34682

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.47.11 Description When running in HTTP transport mode, incoming requests to the 'POST /mcp' endpoint have their request metadata written to server logs regardless of whether authentication is successful. This can le...

PT-2026-37131

A vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the request body is fully received. The node treats the failure to read the HTTP request body as an unrecoverable error and aborts the process instead of...

VulnCheck KEV: CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

CVE-2025-61848

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

CVE-2025-61848

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

Fortinet FortiManager sqli (FG-IR-26-111)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

Fortinet FortiAnalyzer sqli (FG-IR-26-111)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

Security Bulletin:IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint (CVE-2025-13855).

Summary IBM Storage Protect Server provides a JSON-RPC endpoint through which authenticated users can execute backend SQL SELECT queries and access data from internal database tables, potentially exposing administrative metadata. Vulnerability Details CVEID:CVE-2025-13855 DESCRIPTION: IBM Storage...

CVE-2025-13855 IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...