Lucene search
K

49 matches found

RedHat Linux
RedHat Linux
added 2026/02/03 7:21 a.m.3 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/02 12:38 p.m.6 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/26 6:1 p.m.9 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/01/07 10:9 p.m.11 views

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References114
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-6172

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the arm64/fpsimd component related to the restoration of SVE context when SME is supported. Restoring SVE signal context can lead to an invalid state,...

7.1CVSS5.4AI score0.00117EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/12/16 12:23 a.m.4 views

SUSE CVE-2025-64443

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

9.6CVSS6.9AI score0.00388EPSS
Exploits0References2
OSV
OSV
added 2025/12/08 9:31 p.m.6 views

GO-2025-4179 Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway

Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway...

9.6CVSS6.9AI score0.00388EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/05 8:32 p.m.9 views

CVE-2025-64443

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

7.3CVSS6.8AI score0.00388EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/03 5:41 p.m.6 views

EUVD-2025-200985

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

7.3CVSS6.2AI score0.00388EPSS
Exploits0References7
CVE
CVE
added 2025/12/03 5:41 p.m.20 views

CVE-2025-64443

The CVE-2025-64443 entry concerns the Docker MCP Gateway. In versions up to 0.27.0, when running in sse or streaming transport mode, it is vulnerable to DNS rebinding, enabling browser-based exploitation of MCP servers behind the gateway if a victim visits a malicious site or ad. The gateway is n...

9.6CVSS6.4AI score0.00388EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/03 5:41 p.m.1 views

CVE-2025-64443 DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

7.3CVSS6.4AI score0.00388EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/03 5:41 p.m.18 views

CVE-2025-64443 DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

7.3CVSS0.00388EPSS
Exploits0References2
OSV
OSV
added 2025/12/03 5:41 p.m.9 views

CVE-2025-64443 DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

7.3CVSS6.7AI score0.00388EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/03 4:7 p.m.2 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...

8.3CVSS6.9AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/03 4:7 p.m.4 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...

8.3CVSS6.9AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/03 4:7 p.m.2 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...

8.3CVSS6.9AI score0.00388EPSS
Exploits0References2
OSV
OSV
added 2025/12/03 4:7 p.m.4 views

GHSA-46GC-MWH4-CC5R Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode

Impact When ran in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...

7.3CVSS6.8AI score0.00388EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/12/03 4:7 p.m.9 views

Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode

Impact When ran in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...

9.6CVSS6.9AI score0.00388EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.4 views

PT-2025-48968

Name of the Vulnerable Software and Affected Versions MCP Gateway versions prior to 0.28.0 Description MCP Gateway, used for running and deploying MCP servers, is susceptible to DNS rebinding when operating in sse or streaming transport mode. An attacker can exploit this by tricking a user into...

7.3CVSS6.3AI score0.00388EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.7 views

Docker MCP Gateway 安全漏洞

Docker MCP Gateway is a gateway service from Docker Inc. in the United States. A security vulnerability exists in Docker MCP Gateway version 0.27.0 and earlier, which stems from vulnerability to DNS rebinding attacks when running in sse or streaming transport mode, and could lead to browser-based...

9.6CVSS6.3AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder