Lucene search
+L

208 matches found

Github Security Blog
Github Security Blog
added 2026/04/06 5:59 p.m.20 views

@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...

6.3CVSS6.1AI score0.00234EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/06 5:59 p.m.3 views

GHSA-36XV-JGW5-4Q75 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Impact What kind of vulnerability is it? Who is impacted? SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and \n as field delimiters and \n\n as...

6.3CVSS6.1AI score0.00234EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.7 views

PT-2026-30760

Name of the Vulnerable Software and Affected Versions Nest versions prior to 11.1.18 Description The SseStream. transform function interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters r, . Because the SSE protocol use...

6.3CVSS6.1AI score0.00234EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29672

Name of the Vulnerable Software and Affected Versions Go MCP SDK versions prior to 1.4.0 Description The Go MCP SDK, utilizing Go's standard encoding/json, did not enable DNS rebinding protection by default for HTTP-based servers prior to version 1.4.0. When an HTTP-based MCP server was run on...

9.8CVSS5.9AI score0.00455EPSS
Exploits0References38
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 4:56 p.m.12 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

9.1CVSS5.8AI score0.0122EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 4:55 p.m.10 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22733 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

9.1CVSS5.8AI score0.0122EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 4:54 p.m.7 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22733 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

9.1CVSS5.8AI score0.0122EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/03/30 5:26 p.m.3 views

GHSA-HV2W-8MJJ-JW22 MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *)

Summary Hardcoded Wildcard CORS Access-Control-Allow-Origin: - https://github.com/modelcontextprotocol/java-sdk/blob/main/mcp-core/src/main/java/io/modelcontextprotocol/server/transport/HttpServletSseServerTransportProvider.javaL289 -...

6.1CVSS7.5AI score0.00222EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/30 5:6 p.m.7 views

CVE-2026-33946

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.14 views

PT-2026-29161

Name of the Vulnerable Software and Affected Versions MCP Java SDK versions prior to 1.0.1 MCP Java SDK versions prior to 1.1.1 Description The MCP Java SDK contains a hardcoded wildcard Cross-Origin Resource Sharing CORS configuration, specifically setting Access-Control-Allow-Origin to ''. This...

6.1CVSS7.5AI score0.00222EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-31950

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

5.3CVSS5.9AI score0.00208EPSS
Exploits1References1
Veracode
Veracode
added 2026/03/28 5:29 a.m.9 views

Session Hijacking

MCP Ruby SDK is vulnerable to Session Hijacking. The vulnerability is due to insufficient session binding, where an attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References8Affected Software1
Snyk
Snyk
added 2026/03/27 11:24 p.m.2 views

Session Fixation

Overview mcp is a The official Ruby SDK for Model Context Protocol servers and clients Affected versions of this package are vulnerable to Session Fixation through the storestreamforsession process in lib/mcp/server/transports/streamablehttptransport.rb. An attacker can intercept all subsequent...

8.6CVSS5.9AI score0.00465EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 10:16 p.m.5 views

CVE-2026-33946

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS0.00465EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:20 p.m.2 views

CVE-2026-33946

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References9Affected Software1
EUVD
EUVD
added 2026/03/27 9:20 p.m.6 views

EUVD-2026-16866

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/03/27 9:20 p.m.23 views

CVE-2026-33946 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS0.00465EPSS
Exploits1References8
CVE
CVE
added 2026/03/27 9:20 p.m.52 views

CVE-2026-33946

The CVE affects the MCP Ruby SDK prior to 0.9.2. In streamable_http_transport.rb, an attacker with a valid session ID can hijack the victim’s SSE stream and intercept real-time data, due to insufficient session binding. Version 0.9.2 patches this. No additional exploit details are provided beyond...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2026/03/27 7:25 p.m.25 views

CVE-2026-31950 LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

5.3CVSS0.00208EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/27 6:36 p.m.14 views

MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

Summary The Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data. Details Root Cause The StreamableHTTPTransport...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References11Affected Software1
Rows per page
Query Builder