CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

OSV•added 2026/05/21 10:39 p.m.•6 views

GHSA-J3VX-CX2R-PVG8 Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret | Field | Value | | ---------------- | ----- | | Repository | Jovancoding/Network-AI | | Affected version | v5.4.4 commit c12686e181f231cf8d7bcf836a96d78f0f0877ac | Summary The MCP SSE server defaults to an empty secret...

7.6CVSS6AI score0.00023EPSS

Exploits0References2

Github Security Blog•added 2026/05/21 10:39 p.m.•12 views

Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

6AI score0.00023EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42629

7.6CVSS6AI score

Exploits0References3

Vulnrichment•added 2026/05/12 4:25 p.m.•6 views

CVE-2026-43992 JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool sendtokens, executecontract, instantiatecontract, uploadwasm, ibctransfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in th...

9.8CVSS5.8AI score0.00023EPSS

Exploits0References3

OSV•added 2026/03/31 1:43 p.m.•2 views

CVE-2026-34163 Server-Side Request Forgery via MCP Tools Endpoint in FastGPT

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP Model Context Protocol tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the...

7.7CVSS5.8AI score0.00043EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by