3 matches found
CVE-2026-48814
Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing the CORS flaw wit...
attack-executor (>=0.2.1 <=0.2.8), attackmate (>=0.0.0 <=0.6.0) +11 more potentially affected by CVE-2026-5463 via pymetasploit3 (>=1.0.5 <=1.0.6)
pymetasploit3 PYPI version =1.0.5, =0.2.1, =0.0.0, =0.4.84, =0.0.8, =1.0.0, =1.0.0, =0.0.0, =3.7.0, =0.1.0, =0.1.0, =0.1.2 - raven-vapt =0.1.0 - vulnheist =0.0.1 Source cves: CVE-2026-5463 Source advisory: SNYK:PYTHON-PYMETASPLOIT3-16072994...
oatpp-mcp 安全特征问题漏洞
oatpp-mcp is an Oat++ open source implementation of the Model Context Protocol. A security signature issue vulnerability exists in oatpp-mcp that stems from an MCP SSE endpoint returning an instance pointer as a session ID, which could lead to a session hijacking attack...