87 matches found
CVE-2026-25536
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
CVE-2026-25536
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
EUVD-2026-5335
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
CVE-2026-25536
CVE-2026-25536 affects the MCP TypeScript SDK. From versions 1.10.0 through 1.25.3, cross‑client data can leak when a single McpServer/Server and transport instance is reused across multiple client connections (notably in stateless StreamableHTTPServerTransport deployments). The issue arises from...
GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...
PT-2026-6315
Name of the Vulnerable Software and Affected Versions MCP TypeScript SDK versions 1.10.0 through 1.25.3 Description The MCP TypeScript SDK, designed for Model Context Protocol servers and clients, exhibits a cross-client response data leak. This occurs when a single McpServer/Server and transport...
CVE-2025-14777
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
CVE-2025-14777 Keycloak: keycloak idor in realm client creating/deleting
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
EUVD-2025-203501
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
CVE-2025-14777
Keycloak vulnerability CVE-2025-14777 is an IDOR in admin API endpoints for authorization resource management, affecting ResourceSetService and PermissionTicketService. The backend uses resourceId for DB lookups while authorization checks compare the resourceServer (client) ID provided in the req...
CVE-2025-14777
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
PT-2025-51367
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A broken access control issue was identified in Keycloak’s admin API endpoints related to authorization resource management, specifically within the ResourceSetService and...
PT-2025-36466
Name of the Vulnerable Software and Affected Versions: OPSI versions prior to 4.3 Description: OPSI allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret intended to be accessib...
CVE-2025-22956
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...
FedP3E: Privacy-Preserving Prototype Exchange for Non-IID IoT Malware Detection in Cross-Silo Federated Learning
As IoT ecosystems continue to expand across critical sectors, they have become prominent targets for increasingly sophisticated and large-scale malware attacks. The evolving threat landscape, combined with the sensitive nature of IoT-generated data, demands detection frameworks that are both...
Defending the Edge: Representative-Attention for Mitigating Backdoor Attacks in Federated Learning
Federated learning FL enhances privacy and reduces communication cost for resource-constrained edge clients by supporting distributed model training at the edge. However, the heterogeneous nature of such devices produces diverse, non-independent, and identically distributed non-IID data, making t...
CVE-2023-2422
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...