EUVD-2025-200273

Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default...

Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

Description The Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...

GHSA-9H52-P55H-VW2F Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

Description The Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...

EUVD-2025-200274

Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default...

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPServerTransport or SSEServerTransport and has not enabled...

EUVD-2025-200254

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition because of a lack of integrity protection...

CVE-2025-59700

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition because of a lack of integrity protection...

CVE-2025-59700

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition because of a lack of integrity protection...

Empower CISOs with Visibility, Agility, Compliance, and Strategic ROI

Learn how Akamai Prolexic Network Cloud Firewall allows CISOs to manage risk, resilience, and reputation by delivering visibility, agility, and proactive defense...

CVE-2025-0003

Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability...

CVE-2025-59700

The CVE affects Entrust nShield devices: Connect XC, nShield 5c, and nShield HSMi up to versions 13.6.11 and 13.7. The root cause is insufficient integrity protection on the Recovery Partition, enabling a physically proximate attacker with root access to modify it. Impact includes potential compr...

MCP TypeScript SDK 安全漏洞

MCP TypeScript SDK is a Model Context Protocol open source developer toolkit for Model Context Protocol servers and clients. A security vulnerability exists in MCP TypeScript SDK versions prior to 1.24.0 that stems from not enabling DNS rebinding protection by default, which could lead to bypassi...

PT-2026-2532

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0-rc1-custom-g1a3d6d7cd014 Description The Linux kernel contained a use-after-free issue within the mlxsw spectrum mr module. A missing mutex acquisition during multicast route deletion could lead to this...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of the download feature that could allow a remote attacker to bypass download protection via a specially crafted HTML...

CVE-2025-59700

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition because of a lack of integrity protection...

PT-2025-48701

Name of the Vulnerable Software and Affected Versions Entrust nShield Connect XC versions through 13.6.11 Entrust nShield 5c versions through 13.6.11 Entrust nShield HSMi versions through 13.6.11 Entrust nShield Connect XC version 13.7 Entrust nShield 5c version 13.7 Entrust nShield HSMi version...

PT-2025-48746

Name of the Vulnerable Software and Affected Versions MCP TypeScript SDK versions prior to 1.24.0 Description The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. If an HTTP-based MCP server is running on localhost without...

Defend Post-Quantum Cryptography's “Harvest Now, Decrypt Later” with WAAP

Prepare for a quantum-safe future. Learn how Akamai App & API Protector helps stop the data leaks that fuel “harvest now, decrypt later” attacks...

Banning VPNs

This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of "protecting children" in A.B. 105/S.B. 130. It’s an age verification bill that...

WhiteLie: A Robust System for Spoofing User Data in Android Platforms

Android employs a permission framework that empowers users to either accept or deny sharing their private data for example, location with an app. However, many apps tend to crash when they are denied permission, leaving users no choice but to allow access to their data in order to use the app. In...