22 matches found
CVE-2026-49291
mcp-memory-service (semantic memory layer for AI apps) exposed the HTTP MCP JSON-RPC endpoint at /mcp such that OAuth read scope allowed mutating actions. Before patch 10.65.3, a read-only OAuth client could invoke tools/call to reach store_memory and delete_memory, bypassing REST write scope che...
CVE-2026-49291 mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call
mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...
PT-2026-51006
Name of the Vulnerable Software and Affected Versions: mcp-memory-service versions prior to 10.65.3. Description: The HTTP MCP JSON-RPC endpoint at "/mcp" fails to properly validate OAuth scopes. It allows requests with only the read scope to be dispatched to handlers that include mutating tools...
CowAgent Path Traversal Vulnerability
CowAgent is an intelligent assistant and scalable agent framework developed by individual developer zhayujie. CowAgent versions 2.0.4 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter filename in the file...
CVE-2026-33010
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The...
CVE-2026-33010
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The...
CVE-2026-33010 mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The...
CVE-2026-33010 mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The...
CVE-2026-33010
CVE-2026-33010 affects mcp-memory-service prior to 10.25.1. When MCP_HTTP_ENABLED is true, the app configures FastAPI CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=['*'], and allow_headers=['*'], yielding Access-Control-Allow-Origin: *. With MCP_ALLOW_ANONYMOUS_ACC...
CVE-2026-33010 mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The...
mcp-memory-service Security Vulnerability
mcp-memory-service is a backend service developed by individual developer Henry, designed to provide persistent shared memory for AI agents. Versions of mcp-memory-service prior to 10.25.1 contained security vulnerabilities. These vulnerabilities stemmed from improper CORS configuration and...
CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...
CVE-2026-29787
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...
CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...
CVE-2026-29787
Summary of CVE-2026-29787 (mcp-memory-service): The /api/health/detailed endpoint exposes detailed reconnaissance data (OS version, Python version, CPU, memory, disk usage, and the full database path). This occurs when anonymous access is enabled (MCP_ALLOW_ANONYMOUS_ACCESS=true) and the service...
CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...
Permissive Cross-domain Policy with Untrusted Domains
Overview mcp-memory-service is an Open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted...
mcp-memory-service Information Disclosure Vulnerability
mcp-memory-service is a backend service developed by individual developer Henry, designed to provide persistent shared memory for AI agents. Versions of mcp-memory-service prior to 10.21.0 contained an information leakage vulnerability. This vulnerability stemmed from the health check endpoint...
Information Exposure
Overview mcp-memory-service is an Open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost. Affected versions of this package are vulnerable to Information Exposure in the...
EUVD-2020-23869
Malware in sbrugna...