Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 10:31 p.m.12 views

CVE-2026-48936

A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the --allow-net permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or...

3.3CVSS5.6AI score0.00154EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/26 8:13 p.m.18 views

Exposed Dangerous Method or Function

Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the local HTTP server's permissive CORS policy, which sends...

6CVSS6.1AI score0.00812EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.7 views

PT-2026-56267

Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.3 Description Anki launches a local HTTP server to serve media files and web pages for its interface. The server does not sufficiently block requests from other origins, allowing a malicious website to trigger...

8.7CVSS6.1AI score0.00181EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-35568

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...

7.6CVSS5.4AI score0.00136EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:45 a.m.9 views

Security Bulletin: MCP Python SDK DNS Rebinding Vulnerability in HTTP Servers (Fixed in 1.23.0) affects watsonx.data

Summary The MCP Python SDK mcp prior to 1.23.0 did not enable DNS rebinding protection by default for HTTP-based servers. This could allow a malicious website to bypass same-origin policies and send requests to a local MCP server running without authentication. This can affect watsonx.data...

8.1CVSS5.8AI score0.00463EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/18 8:23 p.m.6 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk

Summary nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted lookup URL can inject arbitrary HTML/JavaScript into the response page because attacker-controlled word data is reflected into HTML without escaping. This impacts users running the local...

6.1CVSS5.9AI score0.00331EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder