489 matches found
CVE-2026-25904
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...
CVE-2026-25905 Lack of isolation in mcp-run-python leads to MCP server takeover
The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...
CVE-2026-25904
The CVE-2026-25904 entry concerns Pydantic-AI MCP Run Python tool configuring the Deno sandbox in a way that allows the underlying Python code to access the host’s localhost interface, enabling SSRF. Affected component: the Deno sandbox configuration used by mcp-run-python (Pydantic-AI MCP Run Py...
CVE-2026-25904
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...
PT-2026-7090
Name of the Vulnerable Software and Affected Versions MCP affected versions not specified Description The Python code executed by the 'runPython' or 'runPythonAsync' functions lacks isolation from other JavaScript code. This allows Python code to utilize Pyodide APIs to alter the JavaScript...
PT-2026-7089
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...
Booked Scheduler 2.5.15 Cross Site Request Forgery
A cross site request forgery vulnerability exists in Booked Scheduler version 2.5.15. The vulnerability allows remote attackers to perform unauthorized actions on behalf of authenticated users. This issue is older research added to the archive...
HTMLy Cross Site Scripting
A cross site scripting vulnerability exists in HTMLy CMS. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
CVE-2024-39807
Mattermost versions 9.5.x = 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...
CVE-2023-43754
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
CVE-2026-21483 listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user Super Admin views or previews this content, the...
Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component
An Insecure Direct Object Reference IDOR in Pagekit CMS v1.0.18 allows attackers to escalate privileges. The project was archived as of December 1, 2023...
GHSA-W3J8-9P3J-3WJX Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component
An Insecure Direct Object Reference IDOR in Pagekit CMS v1.0.18 allows attackers to escalate privileges. The project was archived as of December 1, 2023...
Welcome to the new Project Zero Blog
Posted by Natalie Silvanovich While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And...
rustls-pemfile is unmaintained
The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...
RUSTSEC-2025-0134 rustls-pemfile is unmaintained
The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...
Malicious code in @ensdomains/ens-archived-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c494307ab46ed2af70af69daaf50ee6ce9bee9d65e2f9610c692e97db58c7526 The package @ensdomains/ens-archived-contracts was found to contain malicious code. Source: ghsa-malware...
Mattermost Server < 11.0.0 Multiple Vulnerabilities (MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540)
The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540 advisory. - Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users ...
GO-2025-4131 Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server
Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server...
GO-2025-4126 Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...