6 matches found
CVE-2026-48936
A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the --allow-net permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or...
Exposed Dangerous Method or Function
Overview nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the local HTTP server's permissive CORS policy, which sends...
PT-2026-56267
Name of the Vulnerable Software and Affected Versions Anki versions prior to 25.09.3 Description Anki launches a local HTTP server to serve media files and web pages for its interface. The server does not sufficiently block requests from other origins, allowing a malicious website to trigger...
CVE-2026-35568
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...
Security Bulletin: MCP Python SDK DNS Rebinding Vulnerability in HTTP Servers (Fixed in 1.23.0) affects watsonx.data
Summary The MCP Python SDK mcp prior to 1.23.0 did not enable DNS rebinding protection by default for HTTP-based servers. This could allow a malicious website to bypass same-origin policies and send requests to a local MCP server running without authentication. This can affect watsonx.data...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk
Summary nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted lookup URL can inject arbitrary HTML/JavaScript into the response page because attacker-controlled word data is reflected into HTML without escaping. This impacts users running the local...