21 matches found
Server-Side Request Forgery (SSRF)
hackmd-mcp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied hackmdApiUrl values via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter, which allows an attacker to redirect outbound API requests to internal...
EUVD-2025-29214
Malicious code in bioql PyPI...
CVE-2025-59155
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Impact: A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers (Hackmd-Api-Url) or base64-encoded JSON query parameters. This allows...
GHSA-G5CG-6C7V-MMPW HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Impact: A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers (Hackmd-Api-Url) or base64-encoded JSON query parameters. This allows...
Server-side Request Forgery (SSRF)
Overview: hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the hackmdApiUrl parameter in HTTP transport mode. An attacker can access internal...
CVE-2025-59155
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-59155
The HackMD MCP server (hackmd-mcp) is affected by a Server-Side Request Forgery (SSRF) in HTTP transport mode from version 1.4.0 up to 1.5.0. The vulnerability stems from inadequate validation of arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON qu...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
HackMD MCP Server code issue vulnerability
HackMD MCP Server is a context protocol server for yuna0x0 individual developers. A code issue vulnerability exists in hackmd-mcp version 1.4.0 up to and including version 1.5.0, which stems from not validating the Hackmd-Api-Url header or base64-encoded JSON query parameter in HTTP transport mod...
PT-2025-37732
Name of the Vulnerable Software and Affected Versions: hackmd-mcp versions 1.4.0 through 1.4.9 Description: hackmd-mcp is a Model Context Protocol server that integrates HackMD's note-taking platform with AI assistants. A server-side request forgery (SSRF) vulnerability exists in the HTTP transport...
CVE-2024-22778
HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...
CVE-2024-22778
HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...
Denial of service
HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...
CVE-2024-22778
HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...
CVE-2024-22778
HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...
CVE-2024-22778
HackMD CodiMD versions before 2.5.2 are vulnerable to Denial of Service. Affected software: HackMD CodiMD prior to 2.5.2. Root cause and impact: DoS vulnerability with CWEs not specified in the documents; CVSSv3.1 base score 7.5 (Network exploitation, Low attack complexity, No privileges, No user...
PT-2024-19561 · Unknown · Hackmd Codimd
Name of the Vulnerable Software and Affected Versions: HackMD CodiMD versions prior to 2.5.2 Description: The issue is related to a Denial of Service. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...