4 matches found
CVE-2026-33010
CVE-2026-33010 affects mcp-memory-service prior to 10.25.1. When MCP_HTTP_ENABLED is true, the app configures FastAPI CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=['*'], and allow_headers=['*'], yielding Access-Control-Allow-Origin: *. With MCP_ALLOW_ANONYMOUS_ACC...
CVE-2026-33010 mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The...
GHSA-G9RG-8VQ5-MPWM mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
Summary: When the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_credentials=True, allow_methods=["*"], and allow_headers=["*"]. The wildcard Access-Control-Allow-Origin: * header permits any website to read API responses...
CVE-2024-34628
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory...