202 matches found
CVE-2025-56406
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...
CVE-2025-56405
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol...
PT-2025-37049
Name of the Vulnerable Software and Affected Versions: MariaDB MCP version 0.1.0 Description: An issue was discovered in the MariaDB MCP software where attackers can gain sensitive information via the SSE service due to a lack of user validation within the service. Recommendations: Ensure proper...
CVE-2025-56406
CVE-2025-56406 affects mcp-neo4j 0.3.0. The issue resides in the SSE service, allowing attackers to obtain sensitive information or execute arbitrary commands. Public details note that authentication is not mandatory for MCP servers and that the MCP server is intended for local environments where...
Neo4j MCP Clients & Servers 安全漏洞
Neo4j MCP Clients & Servers is a Neo4j Contrib open source protocol for managing large language model contexts. A security vulnerability exists in Neo4j MCP Clients & Servers version 0.3.0, which originates in the SSE service and could lead to the disclosure of sensitive information or the...
CVE-2025-56406
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...
PT-2025-37048
Name of the Vulnerable Software and Affected Versions: mcp-neo4j version 0.3.0 Description: An issue was discovered that allows attackers to gain sensitive information or execute arbitrary commands via the SSE service. Recommendations: At the moment, there is no information about a newer version...
PT-2025-37050
Name of the Vulnerable Software and Affected Versions: litmusautomation litmus-mcp-server versions through 0.0.1 Description: An issue allows unauthorized attackers to control the target's MCP service through the SSE Server-Sent Events protocol. Recommendations: At the moment, there is no...
CVE-2025-56405
The CVE-2025-56405 entry concerns litmusautomation litmus-mcp-server up to version 0.0.1, where an issue allows unauthorized attackers to control the target MCP service via the SSE protocol. The NVD/SCA records indicate CVSSv3.1 base score 7.5 (High) with NETWORK attack vector, LOW attack complex...
CVE-2025-56404
CVE-2025-56404 affects MariaDB MCP 0.1.0. The vulnerability arises from the SSE service lacking user validation, enabling an attacker to gain sensitive information. The data provided indicates a potential information disclosure with CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base score...
MCP Server using Server Sent Events Detected
Binary data mcpssedetect.nbin...
SUSE CVE-2025-27421
Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...
CVE-2025-27421
Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...
GHSA-VH64-54PX-QGF8 Goroutine Leak in Abacus SSE Implementation
Goroutine Leak in Abacus SSE Implementation Summary A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and...
Goroutine Leak in Abacus SSE Implementation
Goroutine Leak in Abacus SSE Implementation Summary A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and...
CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation
Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...
CVE-2025-27421
CVE-2025-27421 describes a goroutine leak in Abacus SSE: when clients disconnect from /stream, the server fails to clean up resources and terminate goroutines, causing resource exhaustion and eventual inability to accept new SSE connections with high memory usage. The fixed version is Abacus v1.4...
CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation
Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...
CVE-2025-27421 Goroutine Leak in Abacus SSE Implementation
Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...
Abacus 安全漏洞
Abacus is a highly extensible and stateless counting API by Jason Cameron Personal Developer. A security vulnerability exists in Abacus versions prior to 1.4.0 that stems from a goroutine leak in the Server-Sent Events implementation...