Lucene search
K

202 matches found

Cvelist
Cvelist
added 2025/09/10 12:0 a.m.9 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

0.00448EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/10 12:0 a.m.12 views

CVE-2025-56405

An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...

0.003EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37049

Name of the Vulnerable Software and Affected Versions: MariaDB MCP version 0.1.0 Description: An issue was discovered in the MariaDB MCP software where attackers can gain sensitive information via the SSE service due to a lack of user validation within the service. Recommendations: Ensure proper...

7.5CVSS6.3AI score0.00317EPSS
Exploits1References5
CVE
CVE
added 2025/09/10 12:0 a.m.18 views

CVE-2025-56406

CVE-2025-56406 affects mcp-neo4j 0.3.0. The issue resides in the SSE service, allowing attackers to obtain sensitive information or execute arbitrary commands. Public details note that authentication is not mandatory for MCP servers and that the MCP server is intended for local environments where...

7.5CVSS6.8AI score0.00448EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.3 views

Neo4j MCP Clients & Servers 安全漏洞

Neo4j MCP Clients & Servers is a Neo4j Contrib open source protocol for managing large language model contexts. A security vulnerability exists in Neo4j MCP Clients & Servers version 0.3.0, which originates in the SSE service and could lead to the disclosure of sensitive information or the...

7.5CVSS6.6AI score0.00448EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/10 12:0 a.m.2 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

6.8AI score0.00448EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.4 views

PT-2025-37048

Name of the Vulnerable Software and Affected Versions: mcp-neo4j version 0.3.0 Description: An issue was discovered that allows attackers to gain sensitive information or execute arbitrary commands via the SSE service. Recommendations: At the moment, there is no information about a newer version...

7.5CVSS7.2AI score0.00448EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37050

Name of the Vulnerable Software and Affected Versions: litmusautomation litmus-mcp-server versions through 0.0.1 Description: An issue allows unauthorized attackers to control the target's MCP service through the SSE Server-Sent Events protocol. Recommendations: At the moment, there is no...

7.5CVSS6.2AI score0.003EPSS
Exploits1References5
CVE
CVE
added 2025/09/10 12:0 a.m.23 views

CVE-2025-56405

The CVE-2025-56405 entry concerns litmusautomation litmus-mcp-server up to version 0.0.1, where an issue allows unauthorized attackers to control the target MCP service via the SSE protocol. The NVD/SCA records indicate CVSSv3.1 base score 7.5 (High) with NETWORK attack vector, LOW attack complex...

7.5CVSS6.3AI score0.003EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/09/10 12:0 a.m.20 views

CVE-2025-56404

CVE-2025-56404 affects MariaDB MCP 0.1.0. The vulnerability arises from the SSE service lacking user validation, enabling an attacker to gain sensitive information. The data provided indicates a potential information disclosure with CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base score...

7.5CVSS6.2AI score0.00317EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/01 12:0 a.m.6 views

MCP Server using Server Sent Events Detected

Binary data mcpssedetect.nbin...

7.3AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/03/14 2:56 a.m.3 views

SUSE CVE-2025-27421

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

7.5CVSS6.8AI score0.00381EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/05 4:41 p.m.18 views

CVE-2025-27421

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

7.5CVSS6.9AI score0.00381EPSS
Exploits0References1
OSV
OSV
added 2025/03/03 4:21 p.m.10 views

GHSA-VH64-54PX-QGF8 Goroutine Leak in Abacus SSE Implementation

Goroutine Leak in Abacus SSE Implementation Summary A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and...

7.5CVSS6.5AI score0.00381EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/03/03 4:21 p.m.30 views

Goroutine Leak in Abacus SSE Implementation

Goroutine Leak in Abacus SSE Implementation Summary A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and...

7.5CVSS6.3AI score0.00381EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2025/03/03 4:19 p.m.13 views

CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

7.5CVSS0.00381EPSS
Exploits0References2
CVE
CVE
added 2025/03/03 4:19 p.m.96 views

CVE-2025-27421

CVE-2025-27421 describes a goroutine leak in Abacus SSE: when clients disconnect from /stream, the server fails to clean up resources and terminate goroutines, causing resource exhaustion and eventual inability to accept new SSE connections with high memory usage. The fixed version is Abacus v1.4...

7.5CVSS6.7AI score0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/03 4:19 p.m.20 views

CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

7.5CVSS7.4AI score0.00381EPSS
Exploits0References2
OSV
OSV
added 2025/03/03 4:19 p.m.8 views

CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

7.5CVSS6.4AI score0.00381EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.2 views

Abacus 安全漏洞

Abacus is a highly extensible and stateless counting API by Jason Cameron Personal Developer. A security vulnerability exists in Abacus versions prior to 1.4.0 that stems from a goroutine leak in the Server-Sent Events implementation...

7.5CVSS6.3AI score0.00381EPSS
Exploits0References4
Rows per page
Query Builder