Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/10/21 6:33 p.m.5 views

CVE-2025-6515

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS6.8AI score0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/20 4:13 p.m.10 views

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8CVSS0.00344EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/19 10:10 a.m.19 views

CVE-2024-35921 media: mediatek: vcodec: Fix oops when HEVC init fails

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed i...

6.8AI score0.00234EPSS
Exploits0References3
OSV
OSV
added 2024/05/19 10:10 a.m.21 views

CVE-2024-35921 media: mediatek: vcodec: Fix oops when HEVC init fails

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed i...

7.8CVSS6.1AI score0.00234EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.26 views

RHEL 6 : icedtea-web (RHSA-2012:1132)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1132 advisory. - icedtea-web: getvalueforurl uninitialized instance pointer CVE-2012-3422 - icedtea-web: incorrect handling of not 0-terminated strings...

7.5CVSS5.5AI score0.06172EPSS
Exploits1References7
Rows per page
Query Builder