81 matches found
GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...
CVE-2026-23523 Dive allows One-click Remote Code Execution through Deep Links for MCP Install
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...
Terminal Controller for MCP 安全漏洞
Terminal Controller for MCP is a context protocol server by the individual developer GongRzhe. A security vulnerability exists in Terminal Controller for MCP version 0.1.7, which stems from a command injection in the executecommand function that could lead to the execution of arbitrary commands...
CVE-2025-59529 simple protocol server ignores accepts unlimited connections and logs failures without limit
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
PT-2025-47321
Name of the Vulnerable Software and Affected Versions Avahi versions up to and including 0.9-rc2 Description Avahi is a system that enables service discovery on a local network using the mDNS/DNS-SD protocol suite. The simple protocol server does not enforce the documented client limit, accepting...
UTT HiPER 2620G Buffer Overflow Vulnerability
The UTT HiPER 2620G is an enterprise-class router from Atech Technology UTT designed for small and medium-sized businesses, schools, or Internet cafes in scenarios that require multi-line access and network control. The UTT HiPER 2620G suffers from a buffer overflow vulnerability that originates...
PT-2025-41741
Name of the Vulnerable Software and Affected Versions UTT HiPER 2620G versions through 3.1.4 Description A flaw exists in UTT HiPER 2620G up to version 3.1.4. The strcpy function within the /goform/fNTP file is susceptible to a buffer overflow when the NTPServerIP argument is manipulated. This...
EUVD-2025-25419
Malicious code in bioql PyPI...
EUVD-2025-28388
Malicious code in bioql PyPI...
EUVD-2025-28590
Malicious code in bioql PyPI...
CVE-2025-55499
Tenda AC6 V15.03.06.23multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function...
PT-2025-34058 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.06.23 multi Description: The device contains a buffer overflow through the ntpServer parameter in the fromSetSysTime function. Recommendations: At the moment, there is no information about a newer version that contains...
PT-2025-32989 · Unknown · Cherry-Studio
Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.2.5 through 1.5.1 Description: Cherry Studio is vulnerable to OS Command Injection when connecting to a malicious MCP server in HTTP Streamable mode. Attackers can establish a malicious MCP server with compatible OAut...
The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface allows a hacker to execute arbitrary commands.
The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface is related to the lack of measures taken to neutralize special elements during the processing of the NTP Server parameter. Exploiting this vulnerability allows a remote attacker to execu...
SUSE CVE-2024-44331
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests...
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability
...
RHEL 6 : mercurial (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - mercurial:...
CVE-2023-42822 Unchecked access to font glyph info in xrdp
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...
[SECURITY] [DSA 5502-1] xrdp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5502-1 [email protected] https://www.debian.org/security/ Markus Koschany September 18, 2023 https://www.debian.org/security/faq -...
CVE-2023-36801
DHCP Server Service Information Disclosure Vulnerability...