Lucene search
+L

12 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-44970

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serialized every MCP tool call's complete arguments dictionary and sent it through dbtlabsvortex.producer.logproto without redaction,...

3.1CVSS0.00205EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-44968 dbt-mcp: Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...

6.3CVSS0.00137EPSS
Exploits0References4
OSV
OSV
added 2 days ago3 views

CVE-2026-44968 dbt-mcp: Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...

6.3CVSS6.1AI score0.00137EPSS
Exploits0References6
CVE
CVE
added 2 days ago18 views

CVE-2026-44968

Summary: CVE-2026-44968 affects dbt-mcp (Model Context Protocol server). Prior to v1.17.1, _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py appended user-supplied MCP parameters to the dbt subprocess argv without validation. This enables argument-list injection via two vectors: (1) node_selecti...

6.3CVSS6.1AI score0.00137EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/14 6:24 p.m.9 views

Arbitrary Argument Injection

Overview dbt-mcp is an A MCP Model Context Protocol server for interacting with dbt resources. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the nodeselection or resourcetype parameters in the rundbtcommand process. An attacker can override configuration fil...

7.2CVSS6AI score0.00137EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 6:24 p.m.5 views

GHSA-XPWW-F6PM-CFHQ dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...

6.3CVSS6.1AI score0.00137EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/14 6:24 p.m.13 views

dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...

6.3CVSS6.1AI score0.00137EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.18 views

PT-2026-41148

Name of the Vulnerable Software and Affected Versions dbt-mcp version 1.15.1 Description The run dbt command function in src/dbt mcp/dbt cli/tools.py is susceptible to argument list injection. This occurs because user-supplied parameters are appended to the dbt subprocess argument list without...

6.3CVSS6.3AI score0.00137EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2025/06/20 12:0 a.m.6 views

Secret Sharing in 5G-MEC: Applicability for Joint Security and Dependability

Multi-access Edge Computing MEC, an enhancement of 5G, processes data closer to its generation point, reducing latency and network load. However, the distributed and edge-based nature of 5G-MEC presents privacy and security challenges, including data exposure risks. Ensuring efficient manipulatio...

6.7AI score
Exploits0
OSV
OSV
added 2023/11/02 12:59 a.m.9 views

SUSE-RU-2023:4334-1 Recommended update for slurm_23_02

This update for slurm2302 fixes the following issues: - Updated to version 23.02.5 with the following changes: Bug Fixes: + Revert a change in 23.02 where SLURMNTASKS was no longer set in the job's environment when --ntasks-per-node was requested. The method that is is being set, however, is...

9CVSS8.6AI score0.02102EPSS
Exploits0References3
OSV
OSV
added 2023/11/02 12:57 a.m.5 views

SUSE-RU-2023:4332-1 Recommended update for slurm

This update for slurm fixes the following issues: - Updated to version 23.02.5 with the following changes: Bug Fixes: + Revert a change in 23.02 where SLURMNTASKS was no longer set in the job's environment when --ntasks-per-node was requested. The method that is is being set, however, is differen...

9CVSS8.6AI score0.02102EPSS
Exploits0References3
OSV
OSV
added 2007/07/30 9:17 p.m.6 views

DEBIAN-CVE-2007-4099

Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks...

5.8CVSS6.7AI score0.01896EPSS
Exploits0References1
Rows per page
Query Builder