GHSA-JJ54-R8GM-2FCF dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbatim to...

The vulnerability of the syslog system for software used in managing SAN networks by Brocade SANnav allows a intruder to gain unauthorized access to protected information.

The vulnerability of the syslog system for SAN management software like Brocade SANnav lies in the fact that data is transmitted in an open manner. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

The vulnerability of the microprogramming software of the Simatic Ident industrial identification and positioning system, due to the lack of encryption, allows attackers to gain access to the data.

The vulnerability of the microprogramming software in Simatic Ident system-based industrial identification and positioning systems is related to the lack of encryption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to data transmitted between the...