4 matches found
CVE-2026-49291
mcp-memory-service (semantic memory layer for AI apps) exposed the HTTP MCP JSON-RPC endpoint at /mcp such that OAuth read scope allowed mutating actions. Before patch 10.65.3, a read-only OAuth client could invoke tools/call to reach store_memory and delete_memory, bypassing REST write scope che...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
EUVD-2022-3689
Malicious code in bioql PyPI...
GHSA-2MRQ-W8PV-5PVQ Malicious input can provoke XSS when preserving comments
Impact There is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in...