RUSTSEC-2026-0140 DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header,...

Serendipity 安全漏洞

Serendipity is a PHP-based blog system developed by the Serendipity team. This system supports the creation of online diaries, blogs, and web pages. Versions of Serendipity 2.6-beta2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the email sending feature not...

CVE-2021-32004

This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning...

PT-2025-5257 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.0.9 Vite versions prior to 5.4.12 Vite versions prior to 4.5.6 Description: Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of...

SonicOS Host Header Redirection

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. To avoid this vulnerability, follow these steps: Upgrade the firmware to the fixed version 6.5.4.8-89n, 7.0.1-R1456 etc. and higher versions,Enab...