420 matches found
CVE-2025-8665
CVE-2025-8665 affects agno-agi agno up to 1.7.5. The vulnerability lies in the MCPTools/MultiMCPTools function in libs/agno/agno/tools/mcp.py of the Model Context Protocol Handler, where manipulation of the command argument enables OS command injection. Exploitation can be remote and the vulnerab...
CVE-2025-8665 agno-agi agno Model Context Protocol mcp.py MultiMCPTools os command injection
A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os...
CVE-2025-8665 agno-agi agno Model Context Protocol mcp.py MultiMCPTools os command injection
A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os...
agno 命令注入漏洞
agno is an Agno open source full-stack framework for building multi-intelligent body systems with memory, knowledge and reasoning. A command injection vulnerability exists in agno 1.7.5 and earlier versions, which stems from a misbehavior of the MCPTools/MultiMCPTools function in the Model Contex...
CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP Model Context Protocol deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...
CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP Model Context Protocol deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...
Using LLMs as a reverse engineering sidekick
This research explores how large language models LLMs can complement, rather than replace, the efforts of malware analysts in the complex field of reverse engineering. LLMs may serve as powerful assistants to streamline workflows, enhance efficiency, and provide actionable insights during malware...
Trivial Trojans: How Minimal MCP Servers Enable Cross-Tool Exfiltration of Sensitive Data
The Model Context Protocol MCP represents a significant advancement in AI-tool integration, enabling seamless communication between AI agents and external services. However, this connectivity introduces novel attack vectors that remain largely unexplored. This paper demonstrates how unsophisticat...
CVE-2025-53832
Lara Translate MCP Server is a Model Context Protocol MCP Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to...
CVE-2025-53818
GitHub Kanban MCP Server is a Model Context Protocol MCP server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Serv...
Bridging AI and Software Security: a Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms
Large Language Model LLM agents face security vulnerabilities spanning AI-specific and traditional software domains, yet current research addresses these separately. This study bridges this gap through comparative evaluation of Function Calling architecture and Model Context Protocol MCP deployme...
Model Context Protocol (MCP) Python Library Detection
An Model Context Protocol Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid241433; scriptversion"1.7";...
CVE-2025-53109
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...
CVE-2025-53110
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 o...
CVE-2025-34072
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol MCP Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embeddin...
Model Context Protocol Python SDK 安全漏洞
Model Context Protocol Python SDK is a Model Context Protocol open source development tool for Model Context Protocol servers and clients. A security vulnerability exists in the Model Context Protocol Python SDK prior to version 1.9.4, which stems from an unhandled exception when handling malform...
Model Context Protocol Python SDK 安全漏洞
Model Context Protocol Python SDK is a Model Context Protocol open source development tool for Model Context Protocol servers and clients. A security vulnerability exists in the Model Context Protocol Python SDK prior to version 1.10.0, which stems from an uncaught ClosedResourceError that could...
We Urgently Need Privilege Management in MCP: a Measurement of API Usage in MCP Ecosystems
The Model Context Protocol MCP has emerged as a widely adopted mechanism for connecting large language models to external tools and resources. While MCP promises seamless extensibility and rich integrations, it also introduces a substantially expanded attack surface: any plugin can inherit broad...
CVE-2025-53109
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...
CVE-2025-53110
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 o...