81 matches found
EEF-CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret
Summary Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls\server\connection:initial\hello/3 initializes previous\cookie\secret...
CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server...
CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server...
EUVD-2026-41007
Multiple unbounded alloca calls in the PulseAudio protocol server...
CVE-2026-14330
Multiple unbounded alloca calls in the PulseAudio protocol server. Mitigation No practical mitigation beyond upgrading. The PulseAudio protocol server is a core module required for PulseAudio application compatibility...
PT-2026-51507
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032]
Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032...
EUVD-2026-30004
When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-42920 BIG-IP DTLS Vulnerability
When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
PT-2026-40675
Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic ca...
CVE-2026-30350
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2026-30350
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...
PT-2026-35433
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...
EUVD-2026-25855
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2026-30350
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2026-30350
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2026-30350
Technical details are not publicly available in the provided documents. Monitor updates from primary sources for affected components, exact versions, and remediation guidance.
CVE-2026-30617
LangChain-ChatChat 0.3.1 is vulnerable to remote code execution via the MCP STDIO server configuration/execution handling. An attacker can reach the publicly exposed MCP management interface, configure an MCP STDIO server with attacker-controlled commands, and trigger arbitrary OS command executi...
CVE-2026-35577 Missing Host Header Validation in Apollo MCP Server for Localhost Deployments
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...
sf-mcp-server 操作系统命令注入漏洞
sf-mcp-server is a context-based protocol server developed by Anton Kutishevsky. sf-mcp-server has an operating system command injection vulnerability. This vulnerability arises from unsafe operations when using childprocess.exec to handle user input, which may lead to command injection attacks...