Lucene search
K

87 matches found

NVD
NVD
added 2026/02/04 10:15 p.m.14 views

CVE-2026-25536

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS0.00267EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/04 9:29 p.m.5 views

CVE-2026-25536

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/02/04 9:29 p.m.7 views

EUVD-2026-5335

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/04 9:29 p.m.30 views

CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/04 9:29 p.m.5 views

CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 9:29 p.m.6 views

CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References9
CVE
CVE
added 2026/02/04 9:29 p.m.50 views

CVE-2026-25536

CVE-2026-25536 affects the MCP TypeScript SDK. From versions 1.10.0 through 1.25.3, cross‑client data can leak when a single McpServer/Server and transport instance is reused across multiple client connections (notably in stateless StreamableHTTPServerTransport deployments). The issue arises from...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/02/04 8:4 p.m.4 views

GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...

7.1CVSS5.6AI score0.00267EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-6315

Name of the Vulnerable Software and Affected Versions MCP TypeScript SDK versions 1.10.0 through 1.25.3 Description The MCP TypeScript SDK, designed for Model Context Protocol servers and clients, exhibits a cross-client response data leak. This occurs when a single McpServer/Server and transport...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2025/12/16 5:2 a.m.8 views

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS5.8AI score0.00315EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/16 5:2 a.m.2 views

CVE-2025-14777 Keycloak: keycloak idor in realm client creating/deleting

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS6.1AI score0.00315EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 5:2 a.m.5 views

EUVD-2025-203501

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS6AI score0.00315EPSS
Exploits0References3
CVE
CVE
added 2025/12/16 5:2 a.m.37 views

CVE-2025-14777

Keycloak vulnerability CVE-2025-14777 is an IDOR in admin API endpoints for authorization resource management, affecting ResourceSetService and PermissionTicketService. The backend uses resourceId for DB lookups while authorization checks compare the resourceServer (client) ID provided in the req...

6CVSS6.1AI score0.00315EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/16 5:2 a.m.6 views

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS6AI score0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.8 views

PT-2025-51367

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A broken access control issue was identified in Keycloak’s admin API endpoints related to authorization resource management, specifically within the ResourceSetService and...

6CVSS6.2AI score0.00315EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.4 views

PT-2025-36466

Name of the Vulnerable Software and Affected Versions: OPSI versions prior to 4.3 Description: OPSI allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret intended to be accessib...

9.8CVSS6.5AI score0.00345EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/09/08 12:0 a.m.2 views

CVE-2025-22956

OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...

6.5AI score0.00345EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/07/09 12:0 a.m.5 views

FedP3E: Privacy-Preserving Prototype Exchange for Non-IID IoT Malware Detection in Cross-Silo Federated Learning

As IoT ecosystems continue to expand across critical sectors, they have become prominent targets for increasingly sophisticated and large-scale malware attacks. The evolving threat landscape, combined with the sensitive nature of IoT-generated data, demands detection frameworks that are both...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/15 12:0 a.m.22 views

Defending the Edge: Representative-Attention for Mitigating Backdoor Attacks in Federated Learning

Federated learning FL enhances privacy and reduces communication cost for resource-constrained edge clients by supporting distributed model training at the edge. However, the heterogeneous nature of such devices produces diverse, non-independent, and identically distributed non-IID data, making t...

6.8AI score
Exploits0
OSV
OSV
added 2023/10/04 11:15 a.m.11 views

CVE-2023-2422

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...

7.1CVSS5.5AI score0.00522EPSS
Exploits0References7
Rows per page
Query Builder