Lucene search
K

4 matches found

OSV
OSV
added 2026/06/18 1:52 p.m.3 views

GHSA-VMF9-XX9W-86WX PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools

PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools Summary praisonaiagents.mcp.ToolsMCPServer.runsse builds a Starlette MCP HTTP+SSE server around mcp.server.sse.SseServerTransport. The server exposes /sse and /messages/, but it does not valida...

8.3CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2025/09/29 4:28 p.m.4 views

DNS Rebinding

Overview Affected versions of this package are vulnerable to DNS Rebinding due to insufficient validation of the Host and Origin headers. An attacker can gain unauthorized access to sensitive data by luring a victim to a malicious website, enabling the attacker to read information from the report...

3.1CVSS6.6AI score0.0038EPSS
Exploits0References2
OSV
OSV
added 2025/09/29 4:28 p.m.2 views

GHSA-6Q9C-M9FR-865M vet MCP Server SSE Transport DNS Rebinding Vulnerability

SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. To exploit this vulnerability following conditions must be met: 1. A vet scan is executed and reports are saved as sqlite3 database 2. A vet MCP server is running on default port with SSE...

2.1CVSS6.7AI score0.0038EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.14 views

Mozilla Firefox 访问控制错误漏洞

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...

6.5CVSS7.7AI score0.00233EPSS
Exploits0References8
Rows per page
Query Builder