Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/04/17 8:34 p.m.27 views

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 8:34 p.m.6 views

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27549

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00448EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/11 11:26 p.m.5 views

Origin Validation Error

Overview mcp-neo4j-cypher is an A simple Neo4j MCP server Affected versions of this package are vulnerable to Origin Validation Error via the lack of proper origin validation in the server's request handling. An attacker can execute unauthorized tool invocations against locally running instances ...

7.4CVSS6.8AI score0.00206EPSS
Exploits0References2
OSV
OSV
added 2025/09/10 2:15 p.m.5 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

7.5CVSS6AI score0.00448EPSS
Exploits0References3
NVD
NVD
added 2025/09/10 2:15 p.m.5 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

7.5CVSS0.00448EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/10 12:0 a.m.9 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

0.00448EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/10 12:0 a.m.2 views

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

6.8AI score0.00448EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.4 views

PT-2025-37048

Name of the Vulnerable Software and Affected Versions: mcp-neo4j version 0.3.0 Description: An issue was discovered that allows attackers to gain sensitive information or execute arbitrary commands via the SSE service. Recommendations: At the moment, there is no information about a newer version...

7.5CVSS7.2AI score0.00448EPSS
Exploits0References6
Rows per page
Query Builder