Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2026/05/20 8:14 a.m.3 views

MAL-2026-4601 Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

5.9AI score
Exploits0References21
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 8:14 a.m.6 views

Malicious code in local-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4649a6cac828460ea4a3e6d867038eaa507f109eb6a46de9eef1fc340d867608 The package executes lifecycle and import-time code that fetches executables and posts host data to off-publisher infrastructure. download.js line 92...

5.9AI score
Exploits0References21
OSV
OSVadded 2026/05/06 9:55 p.m.1 views

GHSA-89VP-X53W-74FX rmcp Streamable HTTP server transport has a DNS rebinding vulnerability

Summary Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running...

8.8CVSS6.3AI score0.00006EPSS
Exploits0References10
EUVD
EUVDadded 2026/04/09 7:40 p.m.2 views

EUVD-2026-21061

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS5.9AI score0.00027EPSS
Exploits0References3
Veracode
Veracodeadded 2026/03/23 2:31 p.m.3 views

DNS Rebinding

@modelcontextprotocol/sdk is vulnerable to DNS Rebinding. The vulnerability is due to DNS rebinding protection being disabled by default in unauthenticated HTTP-based servers, which allows an attacker to exploit a malicious website to bypass same-origin policy and send requests to the local MCP...

8.1CVSS7.1AI score0.0004EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2025/09/11 2:5 p.m.1 views

CVE-2025-10193 Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

7.4CVSS6.5AI score0.00032EPSS
Exploits0References3
Rows per page
Query Builder