167 matches found
CVE-2026-27203 eBay API MCP Server Affected by Environment Variable Injection
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...
CVE-2026-27203
The CVE-2026-27203 entry affects ebay-mcp (eBay API MCP Server), where the updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values, enabling CRLF/environment variable injection via the ebay_set_user_tokens tool. This can inject arbitrary environment variables into the .env ...
CVE-2026-27203 eBay API MCP Server Affected by Environment Variable Injection
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebaysetusertokens tool allows updating the .env file with new tokens...
eBay API MCP Server Affected by Environment Variable Injection
The ebaysetusertokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration fil...
GHSA-97RM-XJ73-33JH eBay API MCP Server Affected by Environment Variable Injection
The ebaysetusertokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration fil...
PT-2026-21328
Name of the Vulnerable Software and Affected Versions eBay API MCP Server affected versions not specified Description The eBay API MCP Server, an open source local MCP server providing AI assistants with access to eBay's Sell APIs, is susceptible to Environment Variable Injection through the...
CLSA-2026-1769099972 httpd: Fix of 2 CVEs
CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables and added regression tests - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...
CLSA-2026-1768213076 httpd: Fix of 2 CVEs
CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...
EUVD-2008-4088
Malware in sbrugna...
EUVD-2019-4572
Malware in sbrugna...
EUVD-2013-3178
Malware in sbrugna...
EUVD-2014-2958
Malware in sbrugna...
EUVD-2021-25670
Malware in sbrugna...
EUVD-2025-0220
Malicious code in bioql PyPI...
EUVD-2024-2492
Malicious code in bioql PyPI...
EUVD-2024-41606
Malicious code in bioql PyPI...
EUVD-2024-31707
Malicious code in bioql PyPI...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Security Update
New Red Hat build of Keycloak 26.2.9 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.9 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Images Security Update
New images are available for Red Hat build of Keycloak 26.2.9 and Red Hat build of Keycloak 26.2.9 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.15 Images Update
New images are available for Red Hat build of Keycloak 26.0.15 and Red Hat build of Keycloak 26.0.15 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...