11 matches found
Server-Side Request Forgery (SSRF)
hackmd-mcp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied hackmdApiUrl values via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter, which allows an attacker to redirect outbound API requests to internal...
EUVD-2025-29214
Malicious code in bioql PyPI...
CVE-2025-59155
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Impact A Server-Side Request Forgery SSRF vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers Hackmd-Api-Url or base64-encoded JSON query parameters. This allows...
GHSA-G5CG-6C7V-MMPW HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability
Impact A Server-Side Request Forgery SSRF vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers Hackmd-Api-Url or base64-encoded JSON query parameters. This allows...
CVE-2025-59155
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-59155
The HackMD MCP server (hackmd-mcp) is affected by a Server-Side Request Forgery (SSRF) in HTTP transport mode from version 1.4.0 up to 1.5.0. The vulnerability stems from inadequate validation of arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON qu...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
HackMD MCP Server 代码问题漏洞
HackMD MCP Server is a context protocol server for yuna0x0 individual developers. A code issue vulnerability exists in hackmd-mcp version 1.4.0 up to and including version 1.5.0, which stems from not validating the Hackmd-Api-Url header or base64-encoded JSON query parameter in HTTP transport mod...