REC in MCPJam inspector due to HTTP Endpoint exposes

Summary MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution RCE vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leadi...

PT-2025-50896

Name of the Vulnerable Software and Affected Versions AzuraCast versions 0.23.1 Description AzuraCast is a self-hosted, all-in-one web radio management suite. Version 0.23.1 mistakenly includes an API endpoint intended for internal use by the SFTP software sftpgo, exposing it to the public-facing...

ClickHouse 安全漏洞

ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that stems from an HTTP API exposure that could lead to arbitrary code execution...

Fixed in ClickHouse v25.1.5.5, 2025-01-05​

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...