Lucene search
K

28 matches found

Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56603

Name of the Vulnerable Software and Affected Versions libp2p versions prior to 16.0.0 Description In the @libp2p/gossipsub module, the defaultDecodeRpcLimits configuration sets maxIhaveMessageIDs and maxIwantMessageIDs to Infinity. This allows oversized IHAVE and IWANT control message arrays in...

7.5CVSS6.1AI score0.00446EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/30 9:50 a.m.9 views

EUVD-2026-40279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00667EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 3:0 p.m.7 views

EUVD-2026-26250

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

7.5CVSS6.9AI score0.00429EPSS
Exploits0References7
CVE
CVE
added 2026/04/29 3:0 p.m.17 views

CVE-2026-7386

The CVE-2026-7386 entry concerns fatbobman mail-mcp-bridge up to 1.3.3, with a path traversal flaw in an unknown function of src/mail_mcp_server.py. The vulnerability is triggered by manipulating the message_ids argument and can be exploited remotely; exploitation has been published. A fix is ava...

7.5CVSS7AI score0.00429EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/29 3:0 p.m.31 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

7.5CVSS0.00429EPSS
Exploits0References7
OSV
OSV
added 2026/04/29 3:0 p.m.4 views

CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

6.9CVSS6.6AI score0.00429EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/25 3:31 p.m.3 views

EUVD-2026-15415

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 2:16 p.m.7 views

CVE-2026-4815

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

8.8CVSS0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 1:31 p.m.4 views

CVE-2026-4815

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

8.7CVSS5.8AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 1:31 p.m.9 views

CVE-2026-4815

Support Board 3.7.7 is affected by a SQL injection vulnerability. The issue allows an attacker to retrieve, create, update, and delete data through the parameter calls[0][message_ids][] in the /supportboard/include/ajax.php endpoint. The connected CVE records confirm the affected product/version ...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/04 8:4 p.m.5 views

GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...

7.1CVSS5.6AI score0.00267EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-4659

Malware in sbrugna...

6.1CVSS6.2AI score0.01338EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-37255

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01529EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-32063

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01116EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53428

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00693EPSS
Exploits1References1
OSV
OSV
added 2023/09/01 4:15 p.m.4 views

ALPINE-CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS6.9AI score0.01116EPSS
Exploits0References1
Prion
Prion
added 2023/09/01 4:15 p.m.31 views

Memory corruption

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

5CVSS7.2AI score0.01116EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2023/09/01 4:15 p.m.33 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS7AI score0.01116EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/09/01 12:0 a.m.45 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5AI score0.01116EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2023/09/01 12:0 a.m.98 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

7.5CVSS6.9AI score0.01116EPSS
Exploits0
Rows per page
Query Builder