Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2026/05/06 10:19 a.m.5 views

Security Bulletin: Vulnerability in MCP Python SDK bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes MCP Python SDK. Following vulnerability could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. CVE-2025-66416. Vulnerability Details...

8.1CVSS7.2AI score0.0004EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVEadded 2025/12/05 6:34 p.m.4 views

CVE-2025-66414

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

7.6CVSS6.5AI score0.0004EPSS
Exploits0References1
NVD
NVDadded 2025/12/02 7:15 p.m.2 views

CVE-2025-66414

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

8.1CVSS0.0004EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/12/02 6:14 p.m.1 views

CVE-2025-66416 DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to version 1.23.0, tThe Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost...

7.6CVSS6.2AI score0.0004EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2025/12/02 4:52 p.m.14 views

Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

Description The Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...

8.1CVSS6.9AI score0.0004EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVEadded 2025/10/02 8:39 p.m.7 views

CVE-2025-59956

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for th...

6.5CVSS6.3AI score0.00068EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2025/09/29 8:40 p.m.6 views

Coder AgentAPI exposed user chat history via a DNS rebinding attack

Summary AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...

6.5CVSS6.3AI score0.00068EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder