4 matches found
PT-2026-31715
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...
CVE-2026-24038
Horilla HRMS has a 2FA bypass in version 1.4.0 due to a flawed OTP equality check: when OTP expires, the server returns None and omitting the otp field makes user_otp == otp pass, bypassing 2FA. Administrative accounts risk data compromise; fixed in version 1.5.0. Remediation: upgrade to 1.5.0 or...
PT-2026-3913
Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.5.0 Description Horilla is a Human Resource Management System HRMS. The has xss function in version 1.4.0 attempts to prevent Cross-Site Scripting XSS by using regular expressions to filter input. However, these...
CVE-2025-68657
CVE-2025-68657 affects the ESP-IDF USB Host HID driver. Before version 1.1.0, hid_host_device_close() can free the same usb_transfer_t twice, and the USB event callback shares hid_iface_t state with user code without locking, allowing race conditions that may tear down a READY interface in parall...