395 matches found
CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation
Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...
CVE-2026-44336
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
EUVD-2026-28639
PraisonAI MCP tools/call path-traversal = RCE via Python .pth injection...
Command Injection
Overview @profullstack/mcp-server is an A generic, modular server for implementing the Model Context Protocol MCP Affected versions of this package are vulnerable to Command Injection via the domainlookup process. An attacker can execute arbitrary operating system commands with the privileges of...
CVE-2026-44336
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...
n8n-MCP 安全漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. It serves as a connection between AI assistants and automated workflow platforms. Versions of n8n-MCP from 2.18.7 to 2.50.2 contained security vulnerabilities. These vulnerabilities were caused b...
n8n-MCP 日志信息泄露漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.47.13 contained a vulnerability related to log information leakage. This vulnerability occurred because the complete parameters of MCP tool calls and JSON-RPC...
PT-2026-39003
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...
Timing Attack
Overview mcp-ssh-tool is a Model Context Protocol MCP SSH client server for remote automation Affected versions of this package are vulnerable to Timing Attack in the transfer-related filesystem handling process. An attacker can access unauthorized files or directories by bypassing local path...
n8n-MCP 代码问题漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. There are code vulnerabilities in versions 2.47.4 to 2.47.13 of n8n-MCP. These vulnerabilities stem from the fact that the SSRFRProtection.validateUrlSync URL verifier does not check IPv6...
PT-2026-38277
Name of the Vulnerable Software and Affected Versions rmcp versions prior to 1.4.0 dynoxide versions prior to 0.9.13 Description The Streamable HTTP server transport in the rmcp crate fails to validate the incoming Host header. This allows a malicious public website to use a DNS rebinding attack—...
Symlink Attack
Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...
Metasploit Wrap-Up 05/01/2026
MCP server This release our very own cdelafuente-r7 finished implementing the Metasploit MCP Server msfmcpd, bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications like Claude, Cursor, or your own custom agents query Metasploit data. Think of it as a middleware...
Server-side Request Forgery (SSRF)
Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SSRFProtection.validateUrlSync function in the src/utils/ssrf-protection.ts component. An attacker can rea...
CVE MCP Server 0.1.0
CVE MCP Server is a production-grade Model Context Protocol MCP server that turns Claude into a full-spectrum security analyst. Instead of juggling 15+ browser tabs across NVD, EPSS, CISA KEV, Shodan, VirusTotal, and GreyNoise, ask Claude one question and get correlated intelligence in seconds...
From CRUD to Autonomous Agents: Formal Validation and Zero-Trust Security for Semantic Gateways in AI-Native Enterprise Systems
Enterprise software engineering is shifting away from deterministic CRUD/REST architectures toward AI-native systems where large language models act as cognitive orchestrators. This transition introduces a critical security tension: probabilistic LLMs weaken classical mechanisms for validation,...
mcp-stdio-exploit
MCP STDIO Exploit: A Local Reimplementation Vulnerability...
Arbitrary Command Injection
Overview ssh-mcp is a MCP server exposing SSH control for Linux and Windows systems via Model Context Protocol. Affected versions of this package are vulnerable to Arbitrary Command Injection via the shell.write function. An attacker can execute arbitrary system commands by supplying crafted inpu...
Insufficiently Protected Credentials
Overview ssh-mcp is a MCP server exposing SSH control for Linux and Windows systems via Model Context Protocol. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the Command Line Handler component due to the storage of the credential in plaintext. An...