Lucene search
+L

4 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.13 views

PT-2026-31715

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS5.9AI score0.00182EPSS
Exploits0References4
CVE
CVE
added 2026/01/22 3:39 a.m.29 views

CVE-2026-24038

Horilla HRMS has a 2FA bypass in version 1.4.0 due to a flawed OTP equality check: when OTP expires, the server returns None and omitting the otp field makes user_otp == otp pass, bypassing 2FA. Administrative accounts risk data compromise; fixed in version 1.5.0. Remediation: upgrade to 1.5.0 or...

8.1CVSS5.5AI score0.00443EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.12 views

PT-2026-3913

Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.5.0 Description Horilla is a Human Resource Management System HRMS. The has xss function in version 1.4.0 attempts to prevent Cross-Site Scripting XSS by using regular expressions to filter input. However, these...

5.4CVSS5.9AI score0.00227EPSS
Exploits1References11
CVE
CVE
added 2026/01/12 5:26 p.m.21 views

CVE-2025-68657

CVE-2025-68657 affects the ESP-IDF USB Host HID driver. Before version 1.1.0, hid_host_device_close() can free the same usb_transfer_t twice, and the USB event callback shares hid_iface_t state with user code without locking, allowing race conditions that may tear down a READY interface in parall...

6.4CVSS6.7AI score0.00139EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder