Lucene search
+L

672 matches found

EUVD
EUVD
added 10 hours ago7 views

EUVD-2026-45138

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added 10 hours ago8 views

CVE-2026-41993

TXOne Networks CVE-2026-41993 involves an Improper Access Control in the Removable Media Validation function. A local attacker with administrator privileges can bypass the file lockdown mechanism, enabling unauthorized file transfers to the victim device. Affected versions: SafePortAgent prior to...

6.7CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 10 hours ago7 views

CVE-2026-41993

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS
Exploits0References1
NVD
NVD
added 2026/06/26 5:16 p.m.13 views

CVE-2026-48529

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

6CVSS0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:33 p.m.8 views

CVE-2026-48529

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

6CVSS5.8AI score0.00205EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 4:33 p.m.25 views

CVE-2026-48529

GitHub MCP Server (versions 0.22.0–1.1.2) in HTTP mode with --lockdown-mode stores RepoAccessCache as a process-global singleton initialized with the first authenticated user’s GraphQL client. All subsequent requests reuse that singleton, causing lockdown queries to run with the first user’s toke...

6CVSS5.8AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 4:33 p.m.3 views

CVE-2026-48529 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

6CVSS6AI score0.00205EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 4:33 p.m.37 views

CVE-2026-48529 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

6CVSS0.00205EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/25 9:32 p.m.10 views

GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

Summary When running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL...

6CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 9:32 p.m.5 views

GHSA-PJP5-FPMR-3349 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

Summary When running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL...

6CVSS5.9AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52644

Name of the Vulnerable Software and Affected Versions GitHub MCP Server versions 0.22.0 through 1.1.1 Description When operating in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton. This singleton is initialized using the GraphQL client of t...

6CVSS5.7AI score0.00205EPSS
Exploits0References7
NVD
NVD
added 2026/06/08 5:16 p.m.18 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-48616

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

3.3CVSS5.7AI score0.00072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-28929

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode...

7.5CVSS5.5AI score0.0041EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.11 views

EUVD-2025-210014

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

3.3CVSS5.9AI score0.00072EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.12 views

CVE-2025-48616

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

3.3CVSS0.00072EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.16 views

CVE-2025-48616

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

5.9AI score0.00072EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.36 views

CVE-2025-48616

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.28 views

CVE-2025-48616

CVE-2025-48616 affects a component in KeyguardViewMediator.java, enabling a bypass of lockdown mode via screen pinning due to a logic error. This can lead to local information disclosure without requiring exploitation privileges or user interaction. Document does not specify affected product vers...

3.3CVSS5.9AI score0.00072EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

ASB-A-438973280

In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

3.3CVSS5.9AI score0.00072EPSS
Exploits0References2
Rows per page
Query Builder