Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/03/27 9:20 p.m.6 views

CVE-2026-33946 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References8
OSV
OSV
added 2026/03/27 9:20 p.m.5 views

CVE-2026-33946 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References10
OSV
OSV
added 2026/03/27 6:36 p.m.3 views

GHSA-QVQR-5CV7-WH35 MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

Summary The Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data. Details Root Cause The StreamableHTTPTransport...

8.2CVSS5.9AI score0.00465EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2023/04/21 6:30 p.m.14 views

IO FinNet tss-lib vulnerable to replay attacks involving proofs

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

6.8CVSS6.7AI score0.00523EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2006/03/19 2:2 a.m.18 views

Cross site request forgery (csrf)

Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request...

5.1CVSS7.5AI score0.01142EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder