4 matches found

EUVD
added yesterday, 5 views

EUVD-2026-40384

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

CVSS 9.1, AI score 5.8
Exploits: 0, References: 1
CVE
added 2026/05/17 2:27 a.m., 24 views

CVE-2026-8719

The CVE describes a Privilege Escalation in AI Engine 3.4.9 (WordPress plugin: The Chatbot, AI Framework & MCP for WordPress). Root cause: missing WordPress capability enforcement in the MCP OAuth Bearer Token path, allowing any valid OAuth token to grant MCP access without admin privileges. Impa...

CVSS 8.8, AI score 5.8, EPSS 0.00359
Exploits: 0, References: 2
OSV
added 2026/05/06 9:55 p.m., 5 views

GHSA-89VP-X53W-74FX rmcp Streamable HTTP server transport has a DNS rebinding vulnerability

Summary: Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running...

CVSS 8.8, AI score 6.3, EPSS 0.00213
Exploits: 0, References: 10
OSV
added 2026/02/06 6:52 p.m., 7 views

GHSA-VF6J-C56P-CQ58 MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

Impact: Disclosure of Salesforce OAuth bearer tokens used by the MCP. Patches: fix applied in 0.1.10. Workarounds: Rotate any Salesforce tokens/credentials used by MCP-Salesforce...

CVSS 8.7, AI score 5.3, EPSS 0.00409
Exploits: 0, References: 5