8 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the DeleteUpNodeLink process. An attacker can cause the application to crash and alter the in-memory user-plane topology by sending unauthenticated DELETE requests to the affected endpoint. Remediation...
Missing Authentication for Critical Function
Overview @mcpjam/inspector is a MCPJam Inspector Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the connect route in the HTTP API. An attacker can execute arbitrary commands on the host system by sending a crafted HTTP request containing...
PT-2026-3321
Name of the Vulnerable Software and Affected Versions MCPJam inspector versions prior to 1.4.3 Description MCPJam inspector, a local-first development platform for MCP servers, contains a flaw that allows remote code execution RCE. The software by default listens on 0.0.0.0 instead of 127.0.0.1,...
PT-2026-2128
Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3 Description CryptoLib is a software solution that uses the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft and a ground station. Prior to...
PT-2026-2130
Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3 Description CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft and a ground station. An...
PT-2024-9681 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.3.2 through 1.4.2 Description: The issue is related to an IDOR vulnerability in the 'Evaluations' function of the 'umgws datasets' section. This vulnerability allows an authenticated user to update other users'...
PT-2023-10009 · Mmdeveloper · Mmdeveloper A Forms Plugin
Name of the Vulnerable Software and Affected Versions: MMDeveloper A Forms Plugin versions up to 1.4.2 Description: A problematic issue was found in the MMDeveloper A Forms Plugin, affecting an unknown part of the file a-forms.php. This issue leads to cross-site scripting and can be initiated...
PT-2020-7942
Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 1.4.3 Description: The issue allows an attacker to execute arbitrary Javascript due to the lack of recursive sanitization of input in affected versions of sanitize-html. Recommendations: Update to version 1.4.3...