CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Qualys Blog•added 2026/03/19 3:0 p.m.•4 views

MCP Servers Are the New Shadow IT for AI

Key Takeaways MCP servers are becoming the default wiring between AI agents and enterprise applications — but most organizations have zero visibility into where they are, what they expose, or how they can be abused. Qualys TotalAI now provides layered discovery of MCP servers across network, host...

6AI score

Github Security Blog•added 2026/03/16 4:36 p.m.•5 views

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Summary In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...

8.1CVSS5.9AI score0.00018EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2025/12/09 8:26 p.m.•1 views

CVE-2025-14204

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS6.9AI score0.00526EPSS

Exploits0References1

EUVD•added 2025/12/08 12:30 a.m.•1 views

EUVD-2025-201615

6.5CVSS6.6AI score0.00526EPSS

NVD•added 2025/12/07 11:15 p.m.•2 views

CVE-2025-14204

6.5CVSS0.00526EPSS

Vulnrichment•added 2025/12/07 11:2 p.m.•1 views

CVE-2025-14204 TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection

6.5CVSS6.8AI score0.00526EPSS

Cvelist•added 2025/12/07 11:2 p.m.•14 views

CVE-2025-14204 TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection

6.5CVSS0.00526EPSS

CVE•added 2025/12/07 11:2 p.m.•4 views

CVE-2025-14204

Summary of CVE-2025-14204 : TykoDev cherry-studio-TykoFork 0.1 is affected by an OS command injection in the OAuth Server Discovery flow. The vulnerability resides in the function redirectToAuthorization of the file /.well-known/oauth-authorization-server, where improper handling of the authoriza...

6.5CVSS6.8AI score0.00526EPSS

Positive Technologies•added 2025/12/07 12:0 a.m.•1 views

PT-2025-49418

6.5CVSS7AI score0.00526EPSS

Github Security Blog•added 2025/09/17 9:30 p.m.•4 views

@sequa-ai/sequa-mcp has Command Injection vulnerability

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

6.5CVSS6.4AI score0.00342EPSS

Exploits0References4Affected Software1

NVD•added 2025/09/17 9:15 p.m.•1 views

CVE-2025-10619

6.5CVSS0.00342EPSS

Exploits0References6

Vulnrichment•added 2025/09/17 9:2 p.m.•1 views

CVE-2025-10619 sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection

6.5CVSS6.4AI score0.00342EPSS

Positive Technologies•added 2025/09/17 12:0 a.m.•2 views

PT-2025-38278

Name of the Vulnerable Software and Affected Versions: sequa-ai sequa-mcp versions prior to 1.0.14 Description: A vulnerability exists in the redirectToAuthorization function within the OAuth Server Discovery component, specifically in the file src/helpers/node-oauth-client-provider.ts...

6.5CVSS6.5AI score0.00342EPSS

Exploits0References11

CNNVD•added 2025/09/17 12:0 a.m.•1 views

Sequa MCP 操作系统命令注入漏洞

Sequa MCP is an open source MCP protocol entry point for sequa.ai. Sequa MCP 1.0.13 and earlier versions have an operating system command injection vulnerability that originates from the redirectToAuthorization function in the src/helpers/node-oauth-client-provider.ts file in the OAuth Server...

6.5CVSS6.8AI score0.00342EPSS

Fedora•added 2025/06/19 2:0 a.m.•3 views

[SECURITY] Fedora 42 Update: kea-2.6.3-1.fc42

7.8CVSS5.5AI score0.00055EPSS

Fedora•added 2025/06/19 1:21 a.m.•3 views

[SECURITY] Fedora 41 Update: kea-2.6.3-1.fc41

7.8CVSS5.5AI score0.00055EPSS

OpenVAS•added 2019/09/09 12:0 a.m.•21 views

Fedora Update for kea FEDORA-2019-0811a88d77

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.5AI score0.00673EPSS

Exploits0References2

Fedora•added 2019/09/08 2:59 a.m.•24 views

[SECURITY] Fedora 30 Update: kea-1.5.0-9.fc30

DHCP implementation from Internet Systems Consortium, Inc. that features fu lly functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renew al, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers...

6.5CVSS6.5AI score0.01585EPSS