Lucene search
K

13 matches found

OSV
OSV
added 2026/06/18 1:52 p.m.3 views

GHSA-VMF9-XX9W-86WX PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools

PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools Summary praisonaiagents.mcp.ToolsMCPServer.runsse builds a Starlette MCP HTTP+SSE server around mcp.server.sse.SseServerTransport. The server exposes /sse and /messages/, but it does not valida...

8.3CVSS5.6AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-16320

Malicious code in bioql PyPI...

9.6CVSS6.5AI score0.01257EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2025-21393

Malicious code in bioql PyPI...

9.3CVSS6.4AI score0.01287EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-21894

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.08088EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/07/01 5:49 p.m.5 views

CVE-2025-53100 RestDB's Codehooks.io MCP Server Vulnerable to Command Injection

RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated...

8.6CVSS7.6AI score0.01297EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/01 5:49 p.m.20 views

CVE-2025-53100 RestDB's Codehooks.io MCP Server Vulnerable to Command Injection

RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated...

8.6CVSS0.01297EPSS
Exploits0References3
CVE
CVE
added 2025/06/26 2:8 p.m.32 views

CVE-2025-52573

CVE-2025-52573 affects the iOS Simulator MCP Server (ios-simulator-mcp). The vulnerability arises in the MCP Server’s tool definitions (notably the ui_tap tool) which rely on Node.js child process API exec. When untrusted input is used for parameters such as duration, udid, x, and y, shell meta-c...

6CVSS7.6AI score0.00658EPSS
Exploits0References4
OSV
OSV
added 2025/05/29 6:31 a.m.7 views

GHSA-22V8-P7H2-RJ7P Markdownify MCP Server allows attackers to read arbitrary files

All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...

8.2CVSS7AI score0.00325EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/29 6:31 a.m.12 views

Markdownify MCP Server allows attackers to read arbitrary files

All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...

8.2CVSS7AI score0.00325EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/28 1:14 p.m.16 views

CVE-2025-5277

aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system...

9.6CVSS7.6AI score0.01257EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/28 1:14 p.m.24 views

CVE-2025-5277

aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system...

9.6CVSS0.01257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/28 12:0 a.m.6 views

PT-2025-23083

Name of the Vulnerable Software and Affected Versions: aws-mcp-server affected versions not specified Description: The issue is related to command injection. An attacker can craft a prompt that, once accessed by the MCP client, will run arbitrary commands on the host system. Recommendations: At t...

9.6CVSS6.7AI score0.01257EPSS
Exploits0References12
Cvelist
Cvelist
added 2025/05/12 2:57 p.m.25 views

CVE-2025-47274 ToolHive stores secrets in the state store with no encryption

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

2.4CVSS0.00107EPSS
Exploits0References3
Rows per page
Query Builder