Lucene search

460 matches found

ATTACKERKB
added 2026/02/04 9:29 p.m. | 4 views

CVE-2026-25536

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, a cross-client response data leak occurs when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

CVSS 7.1 | AI score 5.3 | EPSS 0.00267
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/02/04 9:29 p.m. | 7 views

EUVD-2026-5335

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, a cross-client response data leak occurs when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

CVSS 7.1 | AI score 5.3 | EPSS 0.00267
Exploits: 0 | References: 3

CVE
added 2026/02/04 9:29 p.m. | 42 views

CVE-2026-25536

CVE-2026-25536 affects the MCP TypeScript SDK. From versions 1.10.0 through 1.25.3, cross‑client data can leak when a single McpServer/Server and transport instance is reused across multiple client connections (notably in stateless StreamableHTTPServerTransport deployments). The issue arises from...

CVSS 7.1 | AI score 5.3 | EPSS 0.00267
Exploits: 0 | References: 7 | Affected Software: 1

RedhatCVE
added 2026/01/26 9:20 a.m. | 18 views

CVE-2026-24399

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 | AI score 5.8 | EPSS 0.00302
Exploits: 1 | References: 1

Vulnrichment
added 2026/01/24 12:5 a.m. | 5 views

CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 | AI score 5.8 | EPSS 0.00302
Exploits: 1 | References: 3

EUVD
added 2026/01/24 12:5 a.m. | 7 views

EUVD-2026-4613

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 | AI score 5.4 | EPSS 0.00302
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/24 12:0 a.m. | 5 views

PT-2026-4544

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

CVSS 9.3 | AI score 5.4 | EPSS 0.00302
Exploits: 1 | References: 4

Debian CVE
added 2026/01/20 9:56 p.m. | 6 views

CVE-2026-21947

Vulnerability in Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human...

CVSS 3.1 | AI score 6 | EPSS 0.00204
Exploits: 0

RedhatCVE
added 2026/01/18 7:18 a.m. | 7 views

CVE-2026-0808

The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 6 | EPSS 0.00312
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:0 p.m. | 9 views

CVE-2018-19513

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sqlerrorlog/YYYY-MM-DD-sqlerrorlog.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors...

CVSS 7.5 | AI score 7.8 | EPSS 0.02124
Exploits: 2 | References: 1

RedhatCVE
added 2025/12/30 7:7 p.m. | 11 views

CVE-2025-15200

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site...

CVSS 4.8 | AI score 5.8 | EPSS 0.00248
Exploits: 1 | References: 1

OSV
added 2025/12/29 7:15 p.m. | 3 views

CVE-2025-15200

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site...

CVSS 4.8 | AI score 3.2
Exploits: 0 | References: 7

CNVD
added 2025/12/25 12:0 a.m. | 6 views

ChurchCRM Privilege Elevation Vulnerability

ChurchCRM is an open source CRM system for churches. ChurchCRM suffers from an elevation of privilege vulnerability that stems from the application not properly implementing an access control mechanism that directly references data transmitted from the client as an object, no details of the...

CVSS 8.5 | AI score 7.2 | EPSS 0.00164
Exploits: 3 | References: 1

CNNVD
added 2025/12/01 12:0 a.m. | 6 views

CPython Security Vulnerability

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from the default use of Content-Length when reads are not specified, which could lead to a malicious server causing a client to read a large amount of data into memor...

CVSS 7.5 | AI score 6.2 | EPSS 0.01525
Exploits: 0 | References: 6

RedhatCVE
added 2025/11/12 12:36 a.m. | 15 views

CVE-2025-42893

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...

CVSS 6.1 | AI score 6.3 | EPSS 0.00199
Exploits: 0 | References: 1

CNNVD
added 2025/11/11 12:0 a.m. | 5 views

WordPress plugin Hydra Booking — Appointment Scheduling & Booking Calendar Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 2

CNVD
added 2025/10/24 12:0 a.m. | 3 views

WordPress All in One Time Clock Lite plugin unsafe direct object reference vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...

CVSS 4.3 | AI score 6.8 | EPSS 0.00178
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-17222

Malware in sbrugna...

CVSS 8.4 | AI score 7.6 | EPSS 0.00154
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-8976

Malware in sbrugna...

CVSS 4.8 | AI score 5.5 | EPSS 0.0054
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-4173

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.0462
Exploits: 0 | References: 16