16821 matches found

Github Security Blog
added 2026/05/19 4:18 p.m., 17 views

Envoy AI Proxy - MCP Message Smuggling Vulnerability

Envoy AI Gateway was found to be affected by a protocol parser differential vulnerability due to an improper implementation of the JSON-RPC 2.0 specification. Such a differential causes an MCP message alteration, potentially bypassing security controls in a multi-layered architecture. Accordi...

5.9 AI score
Exploits 0, References 2, Affected Software 1
Rosalinux
added 2026/05/19 2:20 p.m., 7 views

Advisory ROSA-SA-2026-3281

software: libde265 1.0.18; OS: ROSA-CHROME; unaffected versions = libde265-1.0.18-1; affected versions libde265-1.0.18-1; CVE-ID: CVE-2025-61147; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in strukturag libde265 commit d9fea9d is related to a segmentation error in the...

6.2 CVSS, 5.7 AI score, 0.00159 EPSS
Exploits 1
RedhatCVE
added 2026/05/19 1:56 p.m., 6 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

7.3 CVSS, 6.6 AI score, 0.00318 EPSS
Exploits 0, References 1
RedHat Linux
added 2026/05/19 1:38 p.m., 5 views

OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorized_keys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1 CVSS, 6 AI score, 0.00176 EPSS
Exploits 0, References 7
Cvelist
added 2026/05/19 12:59 p.m., 37 views

CVE-2026-42096 Broken Access Control in Sparx Pro Cloud Server

Sparx Pro Cloud Server is vulnerable to Broken Access Control in its communication with the database. Due to a lack of permission checks, any low-privileged user can run arbitrary SQL queries in the database user's context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.7 CVSS, 0.00598 EPSS
Exploits 2, References 4
GithubExploit
added 2026/05/19 2:06 a.m., 73 views

eip-mcp

Exploit Intel Platform MCP Server Package/command: eip-mcp...

6.1 AI score
Exploits 0
OSV
added 2026/05/19 12:19 a.m., 4 views

CLSA-2026-1779118869 Fix of 8 CVEs

SECURITY UPDATE: fix off-by-one out-of-bounds read in mod_proxy_ajp message getter functions - debian/patches/CVE-2026-33857-prereq.patch: prerequisite fix for the ajp_msg_check_header bounds check to keep msg-len within the buffer - debian/patches/CVE-2026-33857.patch: fix off-by-one out-of-bounds read in...

8.8 CVSS, 5.9 AI score, 0.00654 EPSS
Exploits 2, References 1
CNNVD
added 2026/05/19 12:00 a.m., 6 views

Apache Airflow Security Vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.28.0, there were security...

5.3 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/19 12:00 a.m., 7 views

PT-2026-42004

Name of the Vulnerable Software and Affected Versions: apache-airflow-providers-amazon versions prior to 9.28.0. Description: In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a "/" (for example, "my team/conn") to the same pat...

5.3 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits 0, References 6
OSV
added 2026/05/19 12:00 a.m., 3 views

MAL-2026-3892 Malicious code in @antv/f2-context (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8 AI score
Exploits 0, References 5
vulnersOsv
added 2026/05/18 9:00 p.m., 4 views

@antv/f-my (>=0.0.1 <=1.6.0), @antv/f2-my (>=4.0.0 <=5.0.0-alpha.1) +13 more potentially affected by unknown CVE via @antv/f2-context (>=0.0.0 <=0.0.1)

@antv/f2-context NPM version =0.0.0, =0.0.1, =4.0.0, =2.0.0, =0.1.0, =0.3.1, =0.3.1, =1.0.0, =1.1.0, =1.0.0, =1.0.1 - qn-pc-f2 =0.1.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVF2CONTEXT-16755086...

5.5 AI score
Exploits 0
vulnersOsv
added 2026/05/18 9:00 p.m., 2 views

@antv/f-my (>=0.0.1 <=1.6.0), @antv/f2-my (>=4.0.0 <=5.0.0-alpha.1) +13 more potentially affected by unknown CVE via @antv/f2-context (>=0.0.0 <=0.0.1)

@antv/f2-context NPM version =0.0.0, =0.0.1, =4.0.0, =2.0.0, =0.1.0, =0.3.1, =0.3.1, =1.0.0, =1.1.0, =1.0.0, =1.0.1 - qn-pc-f2 =0.1.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVF2CONTEXT-16754917...

5.5 AI score
Exploits 0
RedhatCVE
added 2026/05/18 7:59 p.m., 10 views

CVE-2026-8730

A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Manipulation of the argument nfInstanceId can lead to denial of service. The attack may be performed remotely. The exploit has been...

6.5 CVSS, 5.4 AI score, 0.0038 EPSS
Exploits 1, References 1
Snyk
added 2026/05/18 5:41 p.m., 3 views

Failing Open

Overview: n8n-mcp is an integration between n8n workflow automation and the Model Context Protocol (MCP). Affected versions of this package are vulnerable to Failing Open when handling multi-tenant HTTP requests (ENABLE_MULTI_TENANT=true) containing one or neither of the x-n8n-url and x-n8n-key headers. An...

8.6 CVSS, 6 AI score, 0.00231 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/05/18 1:29 p.m., 12 views

Spring AI MCP Security: Unvalidated URL Fetching (SSRF)

Summary: The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying whether the targets are malicious or internal to...

7.2 CVSS, 5.8 AI score, 0.00198 EPSS
Exploits 0, References 6, Affected Software 1
EUVD
added 2026/05/18 8:43 a.m., 8 views

EUVD-2026-30758

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

3.5 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits 0, References 1
GithubExploit
added 2026/05/18 1:26 a.m., 57 views

acrobat-reader-escape

Adobe Reader JS Sandbox Escape — POC Proof-of-concept for thr...

8.6 CVSS, 7.6 AI score, 0.07086 EPSS
Exploits 4
GithubExploit
added 2026/05/18 12:09 a.m., 52 views

sec-recon-agent

sec-recon-agent: Type-safe security triage built on Pydantic A...

5.8 AI score
Exploits 0
Positive Technologies
added 2026/05/18 12:00 a.m., 9 views

PT-2026-41654

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

3.5 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits 0, References 2
CVE
added 2026/05/18 12:00 a.m., 12 views

CVE-2026-26462

CVE-2026-26462 affects Offline Hospital Management System 5.3.0. The root cause is an improper Electron renderer configuration that enables Node.js integration while disabling context isolation, allowing JavaScript in the renderer to access Node.js APIs and execute arbitrary operating system comm...

7.3 CVSS, 6.6 AI score, 0.00318 EPSS
Exploits 0, References 2