CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

NVD•added 2026/04/16 10:16 p.m.•4 views

CVE-2026-39313

mcp-framework is a framework for building Model Context Protocol MCP servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...

8.7CVSS0.00495EPSS

Exploits0References2

Cvelist•added 2026/04/16 9:24 p.m.•23 views

CVE-2026-39313 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

8.7CVSS0.00495EPSS

Exploits0References2

CVE•added 2026/04/16 9:24 p.m.•13 views

CVE-2026-39313

CVE-2026-39313 affects mcp-framework's HTTP transport (readRequestBody) where concatenation of request chunks has no size limit. Versions 0.2.21 and earlier are vulnerable; an unauthenticated remote attacker can crash an HTTP server by sending a single large POST to /mcp, causing memory exhaustio...

8.7CVSS5.8AI score0.00495EPSS

Exploits0References2

Positive Technologies•added 2026/02/24 12:0 a.m.•6 views

PT-2026-21743

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0cu.2415 B20250515 Description The software contains a denial-of-service issue in the /cgi-bin/cstecgi.cgi component. The component reads the CONTENT LENGTH environment variable and allocates memory using malloc wit...

7.5CVSS6AI score0.00353EPSS

Exploits1References5

CVE•added 2026/02/24 12:0 a.m.•10 views

CVE-2025-67445

CVE-2025-67445 affects TOTOLINK X5000R (v9.1.0cu.2415_B20250515) in the /cgi-bin/cstecgi.cgi CGI. The issue stems from reading CONTENT_LENGTH and calling malloc(CONTENT_LENGTH + 1) without proper bounds checks. A crafted large POST request can exhaust memory or cause a segmentation fault when the...

7.5CVSS5.5AI score0.00353EPSS

Exploits1References2Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2004-0060

Malware in sbrugna...

5CVSS6.4AI score0.01259EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-0081

Malware in sbrugna...

7.5CVSS7.4AI score0.02174EPSS

Exploits0References6

CNVD•added 2020/12/31 12:0 a.m.•2 views

Tenda AC6 Denial of Service Vulnerability

Tenda AC6 is an AC1200 model intelligent dual-band WiFi router. A denial of service vulnerability exists in Tenda AC6 15.03.06.51multi. An attacker can exploit this vulnerability by sending a large HTTP POST request to the Change Password API to cause the router to crash and enter an infinite boo...

7.8CVSS7AI score0.01157EPSS

Exploits1References1