2 matches found
CVE-2026-7150 dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery
A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generatefaviconfromurl of the file src/autofavicon/server.py of the component MCP Tool. The manipulation of the argument imageurl results in server-side request forgery...
PT-2026-35517
Name of the Vulnerable Software and Affected Versions dh1011 auto-favicon versions up to f189116a9259950c2393f114dbcb94dde0ad864b Description An issue in the MCP Tool component allows remote attackers to perform server-side request forgery SSRF, which is a flaw where a server is tricked into maki...