420 matches found
AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
The Rise of MCPs in the Enterprise The Model Context Protocol MCP is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automa...
RedTeam-MCP
🔴 RedTeam-MCP AI-Powered Autonomous Red Team Framework vi...
CVE-2026-27735
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...
EUVD-2026-8770
mcp-server-git : Path traversal in gitadd allows staging files outside repository boundaries...
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder...
CVE-2026-27735
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...
Model Context Protocol Servers 路径遍历漏洞
Model Context Protocol Servers are open-source large-scale context protocol servers under the Model Context Protocol. Versions prior to 2026.1.14 of Model Context Protocol Servers had a path traversal vulnerability. This vulnerability stemmed from the gitadd tool not verifying whether the file...
CVE-2026-27735
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...
CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service (CVE-2026-0621)
Summary Node.js module @modelcontextprotocol/sdk is found in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address th...
PT-2026-22055
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2026.1.14 Description The Model Context Protocol Servers software contains an issue where the git add tool does not properly validate file paths provided in the files argument. This allows relative paths...
AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs
The integration of external data services e.g., Model Context Protocol, MCP has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection IPI attacks...
autopentest-ai
AutoPentest Automated web application penetration testing p...
Security Threat Modeling for Emerging AI-Agent Protocols: A Comparative Analysis of MCP, A2A, Agora, and ANP
The rapid development of the AI agent communication protocols, including the Model Context Protocol MCP, Agent2Agent A2A, Agora, and Agent Network Protocol ANP, is reshaping how AI agents communicate with tools, services, and each other. While these protocols support scalable multi-agent...
Measuring AI Security: Separating Signal from Panic
The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore...
Improper Isolation or Compartmentalization
Overview mcp-run-python is a Model Context Protocol server to run Python code in a sandbox. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization via the runPython or runPythonAsync functions. An attacker can gain unauthorized access to and manipulate the...
CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
EUVD-2026-5627
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
CVE-2026-25650 MCP Salesforce Connector has arbitrary attribute access which leads to disclosure of Salesforce auth token
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
CVE-2026-25650
CVE-2026-25650 concerns MCP Salesforce Connector (Model Context Protocol) prior to version 0.1.10. An arbitrary attribute access flaw allows disclosure of Salesforce OAuth bearer tokens used by MCP-Salesforce. Multiple sources (Red Hat, NVD, CVE lists, advisories) confirm the issue and that it is...