10 matches found
EUVD-2025-32451
A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available...
CVE-2025-11287
A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available...
CVE-2025-11287 samanhappy MCPHub sseService.ts handleSseConnectionfunction improper authentication
A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available...
CVE-2025-11287 samanhappy MCPHub sseService.ts handleSseConnectionfunction improper authentication
A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available...
CVE-2025-11287
CVE-2025-11287 affects samanhappy MCPHub up to version 0.9.10. The vulnerability is in the function handleSseConnectionfunction of src/services/sseService.ts, causing improper authentication. It can be triggered remotely and public exploits exist. Remediation per referenced advisories is to upgra...
PT-2025-40800
Name of the Vulnerable Software and Affected Versions samanhappy MCPHub versions up to 0.9.10 Description A flaw exists due to improper authentication within the handleSseConnectionfunction function located in the src/services/sseService.ts file. This issue allows for remote attacks, and a public...
CVE-2025-56404
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation...
CVE-2025-56406
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...
CVE-2025-56406
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...
CVE-2025-56404
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation...