Lucene search
K

5 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
CVE
CVE
added 4 days ago10 views

CVE-2026-54149

MaxKB is affected by CVE-2026-54149 prior to version 2.10.0-lts. The vulnerability resides in tool import validation (apps/tools/serializers/tool.py) and MCP referencing mode (apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py), where MCP transport type is not consistently valid...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2026/07/03 10:11 p.m.26 views

Weekly Metasploit Update: Modules for SMB-to-Meterpreter, Peyara Remote Mouse RCE exploit, and more

It's Time to Upgrade Your SMB Session This week, Metasploit contributor Dean Welch has added an SMB to Meterpreter session upgrade module. It uses PsExec to facilitate the upgrade. Users can load the module with use windows/manage/smbtometerpreter and specify the session number they wish to...

6AI score
Exploits0
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS0.00277EPSS
Exploits0References1
RustSec
RustSec
added 2026/05/12 12:0 p.m.31 views

DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header,...

8.8CVSS5.8AI score0.00213EPSS
Exploits0Affected Software1
Rows per page
Query Builder