Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 2026/04/14 12:3 a.m.2 views

GHSA-J98M-W3XP-9F56 excel-mcp-server has a Path Traversal issue

Summary A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...

9.4CVSS6AI score0.00095EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/04/13 7:23 p.m.2 views

CVE-2026-35577

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

8.1CVSS5.8AI score0.00027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/09 7:40 p.m.0 views

CVE-2026-35577

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS5.9AI score0.00027EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/09 12:0 a.m.4 views

PT-2026-31715

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS5.9AI score0.00027EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/02/04 12:0 a.m.2 views

PT-2026-6350

Summary Cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. Impact Who is affected: Any MCP server deployment using the TypeScript SDK where a sing...

7.1CVSS5.5AI score0.00016EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2025/12/05 6:34 p.m.4 views

CVE-2025-66414

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

7.6CVSS6.5AI score0.0004EPSS
Exploits0References1
NVD
NVDadded 2025/12/02 7:15 p.m.2 views

CVE-2025-66414

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

8.1CVSS0.0004EPSS
Exploits0References2
OSV
OSVadded 2025/07/04 10:6 p.m.2 views

GHSA-J975-95F5-7WQH MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and...

8.7CVSS6.2AI score0.00142EPSS
Exploits0References6
Rows per page
Query Builder