
422 matches found

Packet Storm News
added 2025/06/21 12:00 a.m. · 4 views

Model Context Protocol (MCP) at First Glance: Studying the Security and Maintainability of MCP Servers

Although Foundation Models (FMs), such as GPT-4, are increasingly used in domains like finance and software engineering, reliance on textual interfaces limits these models' real-world interaction. To address this, FM providers introduced tool calling, triggering a proliferation of frameworks with...

AI score: 7.4
Exploits: 0
Packet Storm News
added 2025/06/21 12:00 a.m. · 5 views

Personalized Constitutionally-Aligned Agentic Superego: Secure AI Behavior Aligned to Diverse Human Values

Agentic AI systems, possessing capabilities for autonomous planning and action, exhibit immense potential across diverse domains. However, their practical deployment is significantly hampered by challenges in aligning their behavior with varied human values, complex safety requirements, and...

AI score: 7.3
Exploits: 0
Spring Security Advisories
added 2025/06/10 12:00 a.m. · 12 views

This Week in Spring - June 10th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's been a busy week indeed since we last spoke! Last week I was in Amsterdam for the IntelliJ IDEA conference and for the JSpring event in Utrecht. Now, I'm in Tokyo, Japan, for the JJUG Spring 2025 event. Importantly: both...

AI score: 7.1
Exploits: 0
Packet Storm News
added 2025/05/30 12:00 a.m. · 3 views

Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response

Large language models hold considerable promise for supporting forensic investigations, but their widespread adoption is hindered by a lack of transparency, explainability, and reproducibility. This paper explores how the emerging Model Context Protocol can address these challenges and support th...

AI score: 6.9
Exploits: 0
CNNVD
added 2025/05/29 12:00 a.m. · 5 views

Markdownify MCP Server Security Vulnerability

Markdownify MCP Server is a Model Context Protocol server for converting almost any content to Markdown by Zach Caceres, an individual developer in the United States. A security vulnerability exists in Markdownify MCP Server that stems from the Markdownify.get function that could lead to...

CVSS: 8.2 · AI score: 6.3 · EPSS: 0.00335
Exploits: 0 · References: 3
CNNVD
added 2025/05/28 12:00 a.m. · 6 views

aws-mcp-server OS Command Injection Vulnerability

aws-mcp-server is a lightweight service by Alexei Ledenev (individual developer) that enables AI assistants to execute AWS CLI commands in a secure containerized environment via the Model Context Protocol (MCP). A security vulnerability exists in aws-mcp-server that stems from command injection and cou...

CVSS: 9.6 · AI score: 7.8 · EPSS: 0.01257
Exploits: 0 · References: 3
Packet Storm News
added 2025/05/19 12:00 a.m. · 3 views

MCP Guardian: a Security-First Layer for Safeguarding MCP-Based AI System

As Agentic AI gains mainstream adoption, the industry invests heavily in model capabilities, achieving rapid leaps in reasoning and quality. However, these systems remain largely confined to data silos, and each new integration requires custom logic that is difficult to scale. The Model Context...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/05/16 12:00 a.m. · 3 views

MPMA: Preference Manipulation Attack against Model Context Protocol

The Model Context Protocol (MCP) standardizes interface mapping for large language models (LLMs) to access external data and tools, which revolutionizes the paradigm of tool selection and facilitates the rapid expansion of the LLM agent tool ecosystem. However, as the MCP is increasingly adopted,...

AI score: 7.1
Exploits: 0
RedhatCVE
added 2025/05/14 3:27 p.m. · 18 views

CVE-2025-47274

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

CVSS: 2.4 · AI score: 7 · EPSS: 0.00107
Exploits: 0 · References: 1
NVD
added 2025/05/12 3:16 p.m. · 17 views

CVE-2025-47274

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

CVSS: 2.4 · EPSS: 0.00107
Exploits: 0 · References: 3
CVE
added 2025/05/12 2:57 p.m. · 48 views

CVE-2025-47274

CVE-2025-47274 affects ToolHive, a utility for deploying/managing MCP servers. The issue arises from the startup code ordering that causes sensitive data to be written into run configuration files used to restart stopped MCP containers. An attacker with access to the user’s home directory can rea...

CVSS: 2.4 · AI score: 7.2 · EPSS: 0.00107
Exploits: 0 · References: 3
OSV
added 2025/05/12 2:57 p.m. · 7 views

CVE-2025-47274 ToolHive stores secrets in the state store with no encryption

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

CVSS: 2.4 · AI score: 6.8 · EPSS: 0.00107
Exploits: 0 · References: 5
Positive Technologies
added 2025/05/12 12:00 a.m. · 6 views

PT-2025-20705 · Toolhive · Toolhive

Name of the Vulnerable Software and Affected Versions: ToolHive versions prior to 0.0.33. Description: The issue arises from the ordering of code used to start a Model Context Protocol (MCP) server container in ToolHive, inadvertently storing secrets in run config files. This allows an attacker with...

CVSS: 2.4 · AI score: 6.4 · EPSS: 0.00107
Exploits: 0 · References: 8
Spring Security Advisories
added 2025/05/04 12:00 a.m. · 16 views

Dynamic Tool Updates in Spring AI's Model Context Protocol

The Model Context Protocol (MCP) is a powerful feature in Spring AI that enables AI models to access external tools and resources through a standardized interface. One interesting capability of MCP is its ability to dynamically update available tools at runtime. This blog post explores how Spring...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/05/02 12:00 a.m. · 14 views

Building a Secure Agentic AI Application Leveraging A2A Protocol

As Agentic AI systems evolve from basic workflows to complex multi-agent collaboration, robust protocols such as Google's Agent2Agent (A2A) become essential enablers. To foster secure adoption and ensure the reliability of these complex interactions, understanding the secure implementation of A2A i...

AI score: 7.6
Exploits: 0
Packet Storm News
added 2025/04/28 12:00 a.m. · 5 views

Simplified and Secure MCP Gateways for Enterprise AI Integration

The increased adoption of the Model Context Protocol (MCP) for AI Agents necessitates robust security for Enterprise integrations. This paper introduces the MCP Gateway to simplify self-hosted MCP server integration. The proposed architecture integrates security principles, authentication, intrusio...

AI score: 6.9
Exploits: 0
Wiz blog
added 2025/04/17 2:00 p.m. · 13 views

Research Briefing: MCP Security

The present and future of security for the Model Context Protocol...

AI score: 7.4
Exploits: 0
Wallarm Lab
added 2025/04/14 11:56 a.m. · 10 views

Wallarm Research Releases Nuclei Template to Counter Threats Targeting LLM Apps

Wallarm Research has just released a powerful new Nuclei template targeting a new kind of exposure: the Model Context Protocol (MCP). This isn’t about legacy devtools or generic JSON-RPC pinging. It’s about the protocol fueling next-gen LLM applications — and it’s already showing up exposed in the...

AI score: 7.6
Exploits: 0
Spring Security Advisories
added 2025/04/02 12:00 a.m. · 21 views

Securing Spring AI MCP servers with OAuth2

Spring AI offers support for Model Context Protocol, or MCP for short, which allows AI models to interact with and access external tools and resources in a structured way. With Spring AI, developers can create their own MCP Servers and expose capabilities to AI models in just a few lines of code...

AI score: 7
Exploits: 0
Spring Security Advisories
added 2025/02/18 12:00 a.m. · 11 views

This Week in Spring - February 18th, 2025

Hi, Spring fans! It's the week of February 18th, 2025, and you know what that means? ConFoo and Devnexus are nearly here! Next week, I'll be traveling to amazing Montreal, Canada, to speak at the ConFoo show for an amazing community, poutine, and technology! Then, a few days later, it's off to...

AI score: 7.8
Exploits: 0