Lucene search
K

619 matches found

EUVD
EUVD
added 10 hours ago6 views

EUVD-2026-43535

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS0.00421EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56078

Name of the Vulnerable Software and Affected Versions Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge provider handlers read request bodies using io.ReadAll without enforcing a maximum size. An authenticated user with AI Bridge access can send an...

6.5CVSS6AI score0.00552EPSS
Exploits0References11
NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-57670

Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...

7.1CVSS0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/24 3:19 p.m.6 views

CVE-2026-44393

A flaw was found in OpenStack oslo.messaging. The RabbitMQ driver does not properly verify the hostname of the message broker when establishing a TLS Transport Layer Security connection. An attacker capable of intercepting control-plane network traffic can exploit this vulnerability to impersonat...

7.4CVSS5.8AI score0.0016EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 11:7 a.m.4 views

BIT-NGINX-GATEWAY-FABRIC-2026-32682 NGINX Gateway Fabric vulnerability

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS6AI score0.00292EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 2:48 p.m.5 views

BIT-NGINX-GATEWAY-FABRIC-2026-50107 NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS6AI score0.00492EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 6:55 a.m.21 views

CVE-2025-66336

CVE-2025-66336 affects Apache Doris MCP Server. The issue is a SQL injection in a metadata query path where a user-controlled database name is directly interpolated into a SQL query and executed without enforcing the caller’s authorization context. This can allow an authenticated user, or an anon...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/06/21 1:11 a.m.6 views

[SECURITY] Fedora 43 Update: kubernetes1.35-1.35.6-1.fc43

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:11 a.m.7 views

[SECURITY] Fedora 43 Update: kubernetes1.34-1.34.9-1.fc43

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:11 a.m.7 views

[SECURITY] Fedora 43 Update: kubernetes1.33-1.33.13-1.fc43

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: kubernetes1.34-1.34.9-1.fc44

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: kubernetes1.33-1.33.13-1.fc44

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
NVD
NVD
added 2026/06/19 8:16 p.m.17 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 4:29 a.m.31 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 4:29 a.m.25 views

CVE-2026-11752

Armeria-xds versions 1.38.0–1.39.0 contain a vulnerability in DataSourceStream where control-plane-supplied filenames and environment_variable fields from SDS secrets are resolved without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control plane (or an attacker...

5.9CVSS5.4AI score0.00198EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.29 views

PT-2026-50823

Name of the Vulnerable Software and Affected Versions armeria-xds versions 1.38.0 through 1.39.0 Description DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...

5.9CVSS6AI score0.00198EPSS
Exploits0References12
NVD
NVD
added 2026/06/17 10:16 p.m.12 views

CVE-2026-48989

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:2 p.m.21 views

CVE-2026-48989 Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS0.00397EPSS
Exploits0References2
Rows per page
Query Builder