Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 10:40 p.m.9 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS5.7AI score0.00276EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:12 p.m.20 views

CVE-2026-5382 runZero Platform MCP endpoint information leak

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 2:12 p.m.13 views

CVE-2026-5382

The CVE-2026-5382 entry concerns the runZero Platform, specifically the MCP endpoint information leak. The underlying issue is CWE-863 (Incorrect Authorization), allowing records to be exposed outside the authorized organization scope via MCP endpoints. The CVSS v3.1 impact is low (3.0) with vect...

3CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/02 5:55 p.m.5 views

EUVD-2025-200280

arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints...

6.5CVSS6.4AI score0.00281EPSS
Exploits0References6
Rows per page
Query Builder