4 matches found
@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool
Impact: The knowledge_search and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents, but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...
Improper Restriction of Communication Channel to Intended Endpoints
Overview: @grackle-ai/mcp is an MCP (Model Context Protocol) server for Grackle that translates MCP tool calls to ConnectRPC. Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the knowledge_search and knowledgegetnode MCP tools, whic...
EUVD-2008-0828
Malware in sbrugna...
PHP Live! 3.2.2 - 'questid' SQL Injection (1)
!Info! PHP Live! © OSI Codes Inc. enables live help and live customer support communication directly from your website. With PHP Live!, you can provide one-on-one chat assistance in real-time, answer visitor questions and add that extra human touch to your website. !SQL Injection! Code:...