Lucene search
K

81 matches found

OSV
OSV
added 2026/02/04 8:4 p.m.4 views

GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...

7.1CVSS5.6AI score0.00267EPSS
Exploits0References5
OSV
OSV
added 2026/01/16 4:29 p.m.5 views

CVE-2026-23523 Dive allows One-click Remote Code Execution through Deep Links for MCP Install

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

9.6CVSS6.9AI score0.06299EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

Terminal Controller for MCP 安全漏洞

Terminal Controller for MCP is a context protocol server by the individual developer GongRzhe. A security vulnerability exists in Terminal Controller for MCP version 0.1.7, which stems from a command injection in the executecommand function that could lead to the execution of arbitrary commands...

10CVSS7.3AI score0.01891EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/18 8:25 p.m.4 views

CVE-2025-59529 simple protocol server ignores accepts unlimited connections and logs failures without limit

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...

5.5CVSS5.9AI score0.00152EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.8 views

PT-2025-47321

Name of the Vulnerable Software and Affected Versions Avahi versions up to and including 0.9-rc2 Description Avahi is a system that enables service discovery on a local network using the mDNS/DNS-SD protocol suite. The simple protocol server does not enforce the documented client limit, accepting...

5.5CVSS5.9AI score0.00152EPSS
Exploits1References21
CNVD
CNVD
added 2025/10/17 12:0 a.m.4 views

UTT HiPER 2620G Buffer Overflow Vulnerability

The UTT HiPER 2620G is an enterprise-class router from Atech Technology UTT designed for small and medium-sized businesses, schools, or Internet cafes in scenarios that require multi-line access and network control. The UTT HiPER 2620G suffers from a buffer overflow vulnerability that originates...

9CVSS8.2AI score0.00677EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.5 views

PT-2025-41741

Name of the Vulnerable Software and Affected Versions UTT HiPER 2620G versions through 3.1.4 Description A flaw exists in UTT HiPER 2620G up to version 3.1.4. The strcpy function within the /goform/fNTP file is susceptible to a buffer overflow when the NTPServerIP argument is manipulated. This...

9CVSS8AI score0.00677EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-25419

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28388

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00596EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28590

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00246EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/22 12:22 a.m.15 views

CVE-2025-55499

Tenda AC6 V15.03.06.23multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function...

6.5CVSS8.1AI score0.00246EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.8 views

PT-2025-34058 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.06.23 multi Description: The device contains a buffer overflow through the ntpServer parameter in the fromSetSysTime function. Recommendations: At the moment, there is no information about a newer version that contains...

6.5CVSS6.8AI score0.00246EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.10 views

PT-2025-32989 · Unknown · Cherry-Studio

Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.2.5 through 1.5.1 Description: Cherry Studio is vulnerable to OS Command Injection when connecting to a malicious MCP server in HTTP Streamable mode. Attackers can establish a malicious MCP server with compatible OAut...

7.7CVSS7.7AI score0.02144EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2025/07/23 12:0 a.m.7 views

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface allows a hacker to execute arbitrary commands.

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface is related to the lack of measures taken to neutralize special elements during the processing of the NTP Server parameter. Exploiting this vulnerability allows a remote attacker to execu...

6.5CVSS5.9AI score0.04165EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2024/10/29 4:19 a.m.2 views

SUSE CVE-2024-44331

Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests...

7.5CVSS6.8AI score0.00658EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/08 5:36 p.m.39 views

CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability

...

8.1CVSS7.2AI score0.03087EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 6 : mercurial (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - mercurial:...

9.8AI score0.06331EPSS
Exploits1References8
OSV
OSV
added 2023/09/27 5:55 p.m.22 views

CVE-2023-42822 Unchecked access to font glyph info in xrdp

xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdppainter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within...

4.6CVSS5.8AI score0.0063EPSS
Exploits0References8
Debian
Debian
added 2023/09/18 9:42 p.m.40 views

[SECURITY] [DSA 5502-1] xrdp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5502-1 [email protected] https://www.debian.org/security/ Markus Koschany September 18, 2023 https://www.debian.org/security/faq -...

9.8CVSS7.3AI score0.00892EPSS
Exploits0
OSV
OSV
added 2023/09/12 5:15 p.m.0 views

CVE-2023-36801

DHCP Server Service Information Disclosure Vulnerability...

5.3CVSS7.3AI score0.01501EPSS
Exploits0References1
Rows per page
Query Builder