4173 matches found
GHSA-75MJ-4G74-9RG2 Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification
The vulnerability arises when a client fetches a tool's JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the client's trust, a malicious provider can later change the manual to...
CVE-2024-58300
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling...
CVE-2025-36916
In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-202867
In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-36916
CVE-2025-36916 affects a code path in PrepareWorkloadBuffers of gxp_main_actor.cc, where a race condition can cause a double fetch. This permits local escalation of privilege with no extra execution privileges and no user interaction needed; exploitation is local. Connected documents corroborate th...
CVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources...
PT-2025-50699
In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-8FXJ-2G9Q-8FJW Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources...
EUVD-2025-202327
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability...
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources...
PT-2025-50490
Name of the Vulnerable Software and Affected Versions: Senstar Symphony (affected versions not specified). Description: A flaw exists in the implementation of the FetchStoredLicense method in Senstar Symphony, allowing remote attackers to disclose sensitive information without authentication. This...
Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the FetchStoredLicense method. The issue results from the...
Server-side Request Forgery (SSRF)
Overview: mcp-fetch-server is an MCP server offering simple HTTP fetch functionality. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch method, in the isipprivate function. An attacker can access internal network resources by sending crafted...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute a PPC payload from an HTTP server. Listen for a connection and spawn a command shell. Module Options: msf use payload/cmd/linux/http/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...
HTTPS Fetch, Linux Command Shell, Find Port Inline
Fetch and execute a MIPSLE payload from an HTTPS server. Spawn a shell on an established connection. Module Options: msf use payload/cmd/linux/https/ppc/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...sh...