28 matches found
PT-2026-56603
Name of the Vulnerable Software and Affected Versions libp2p versions prior to 16.0.0 Description In the @libp2p/gossipsub module, the defaultDecodeRpcLimits configuration sets maxIhaveMessageIDs and maxIwantMessageIDs to Infinity. This allows oversized IHAVE and IWANT control message arrays in...
EUVD-2026-40279
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...
EUVD-2026-26250
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2026-7386
The CVE-2026-7386 entry concerns fatbobman mail-mcp-bridge up to 1.3.3, with a path traversal flaw in an unknown function of src/mail_mcp_server.py. The vulnerability is triggered by manipulating the message_ids argument and can be exploited remotely; exploitation has been published. A fix is ava...
CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...
EUVD-2026-15415
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...
CVE-2026-4815
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...
CVE-2026-4815
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...
CVE-2026-4815
Support Board 3.7.7 is affected by a SQL injection vulnerability. The issue allows an attacker to retrieve, create, update, and delete data through the parameter calls[0][message_ids][] in the /supportboard/include/ajax.php endpoint. The connected CVE records confirm the affected product/version ...
GHSA-345P-7CG4-V4C7 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Summary Cross-client data leak via two distinct issues: 1 reusing a single StreamableHTTPServerTransport across multiple client requests, and 2 reusing a single McpServer/Server instance across multiple transports. Both are most common in stateless deployments. Impact This advisory covers two...
EUVD-2019-4659
Malware in sbrugna...
EUVD-2022-37255
Malicious code in bioql PyPI...
EUVD-2023-32063
Malicious code in bioql PyPI...
EUVD-2022-53428
Malicious code in bioql PyPI...
ALPINE-CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
Memory corruption
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...
CVE-2023-28366
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...