Lucene search
K

89 matches found

Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...

9.8CVSS0.00421EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 9:5 p.m.35 views

CVE-2026-58446 Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS0.00437EPSS
Exploits0References5
OSV
OSV
added 2026/06/21 3:15 a.m.3 views

CVE-2026-12773 BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

6.9CVSS6.5AI score0.00612EPSS
Exploits1References10
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.59 views

API Security Based on Automatic OpenAPI Mapping

This paper presents Map Reduce Graph MRG, a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/16 9:49 a.m.6 views

MAL-2026-2747 Malicious code in cloud-run-microservice-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4c636a68869426b4befc9af7d044d9643686691165d52263cee9b1075b437f4 The package cloud-run-microservice-template was found to contain malicious code...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 9:49 a.m.8 views

Malicious code in cloud-run-microservice-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4c636a68869426b4befc9af7d044d9643686691165d52263cee9b1075b437f4 The package cloud-run-microservice-template was found to contain malicious code...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.9 views

PT-2026-32512

Apache SkyWalking CVE-2025-54057: Stored XSS https://t.co/U4ZzTJS7iT CVE-2026-34476: SSRF via SW-URL Header in MCP Server https://t.co/zPXOQv1Xff CVE-2026-34884: SSRF via set skywalking url Tool and GraphQL Expression Injection in MCP Server https://t.co/5H4PWKYENG...

7.1CVSS5.8AI score0.00625EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.86 views

SpringBlade - Information Leakage

SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a SpringCloud distributed microservice architecture and a SpringBoot monolithic microservice architecture. The SpringBlade framework has a default SIGNKEY, which can be exploited by...

6.7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/10/15 7:29 p.m.9 views

tom-microservice (=3.2.28) potentially affected by CVE-2025-62380 via mailgen (=2.0.20)

mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-62380 Source advisory: SNYK:JS-MAILGEN-13559301...

6.3CVSS5.8AI score0.00418EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/14 7:49 p.m.7 views

tom-microservice (=3.2.28) potentially affected by CVE-2025-62366 via mailgen (=2.0.20)

mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-62366 Source advisory: SNYK:JS-MAILGEN-13552209...

6.3CVSS5.8AI score0.00395EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-2968

Malware in sbrugna...

8.8CVSS8.8AI score0.01452EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30256

Malicious code in bioql PyPI...

9.3CVSS6.6AI score0.0051EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1817

Malicious code in bioql PyPI...

8.1CVSS8AI score0.01356EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-33890

Malicious code in bioql PyPI...

9.8CVSS9AI score0.00987EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/22 7:45 p.m.6 views

tom-microservice (=3.2.28) potentially affected by CVE-2025-59526 via mailgen (=2.0.20)

mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-59526 Source advisory: SNYK:JS-MAILGEN-13004540...

6.9CVSS5.8AI score0.00409EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/22 6:3 p.m.9 views

tom-microservice (=3.2.28) potentially affected by CVE-2025-59526 via mailgen (=2.0.20)

mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-59526 Source advisory: OSV:GHSA-J2XJ-H7W5-R7VP...

6.9CVSS5.8AI score0.00409EPSS
Exploits0
CVE
CVE
added 2025/09/19 6:48 p.m.24 views

CVE-2025-34199

Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786) expose insecure TLS usage due to disabling verification. Specifically, the code disables CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER and uses environment variables (e.g., API_*_VERIFYSSL=false) ...

9.3CVSS6.7AI score0.0051EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.7 views

PT-2025-38598

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1049 Vasion Print formerly PrinterLogic Application versions prior to 20.0.2786 Description Vasion Print formerly PrinterLogic Virtual Appliance Host and...

9.3CVSS6.8AI score0.0051EPSS
Exploits1References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in generator-ikom-microservice (npm)

The package generator-ikom-microservice was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in generator-accelerate-node-microservice (npm)

The package generator-accelerate-node-microservice was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder