762 matches found
CVE-2026-9739
Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...
CVE-2026-9739
Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...
CVE-2026-9739
Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...
CVE-2026-9739
Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...
CVE-2026-9739
CVE-2026-9739 describes a DNS rebinding vulnerability due to a hardcoded Access-Control-Allow-Origin: * in the SSE initialization handler, despite earlier attempts to align with MCP security guidelines using allowed-origins and allowed-hosts. The issue specifically affects users connecting via To...
Google MCP Toolbox for Databases 安全漏洞
Google MCP Toolbox for Databases is an open-source Model Context Protocol MCP server developed by Google, Inc. There is a security vulnerability in Google MCP Toolbox for Databases. This vulnerability arises from the susceptibility to DNS redirection attacks when using SSE, and the hard-coded...
PT-2026-44123
Name of the Vulnerable Software and Affected Versions Toolbox affected versions not specified Description The software is susceptible to DNS rebinding attacks when using Server-Sent Events SSE under specification v2024-11-05. This occurs because the SSE initialization handler retains a hardcoded...
Dify: When Your AI Platform Becomes the Attack Surface
Executive Summary We identified a couple of vulnerabilities in AI automation platform Dify resulting in cross-tenant sensitive information disclosure and one-click account takeover. These findings reinforce the pattern we documented in our previous n8n blogpost: even though AI automation platform...
EUVD-2026-29553
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...
EUVD-2026-29552
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
CVE-2026-31230
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...
CVE-2026-31229
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
CVE-2026-31229
The ART (Adversarial Robustness Toolbox) package up to v1.20.1 contains an insecure deserialization vulnerability in its Kubeflow component’s model loading path. Loading model weights (e.g., model.pt) uses torch.load() without weights_only=True, allowing arbitrary Python object deserialization vi...
PT-2026-40116
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
CVE-2026-31228
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...
Adversarial Robustness Toolbox 安全漏洞
Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustnessevaluationfgsmpytorch....
Adversarial Robustness Toolbox 安全漏洞
Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the model loading function in the...
Adversarial Robustness Toolbox 安全漏洞
Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustness evaluation function i...
PT-2026-40117
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustness evaluation fgsm pytorch.py. The script uses the unsafe eval function to parse string values provided via the --clip values and --input shape command-lin...
CVE-2026-31228
The connected documents confirm a vulnerability in the Adversarial Robustness Toolbox (ART) up to version 1.20.1, specifically in its Kubeflow component. The root cause is that the robustness evaluation function for PyTorch models uses Python’s unsafe eval() to dynamically evaluate user-supplied ...