26 matches found
CVE-2026-1990
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit ha...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the ObjectWrapper constructor in the affected header file. An attacker can cause a denial of service by triggering a null pointer dereference through local access. Remediation: There is no fixed version for...
CVE-2026-1990
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit ha...
CVE-2026-1990
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit ha...
CVE-2026-1990
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit ha...
CVE-2026-1990
The CVE-2026-1990 vulnerability affects oatpp up to 1.3.1, specifically the ObjectWrapper constructor in src/oatpp/data/type/Type.hpp. It causes a null pointer dereference and requires local access to exploit. Public disclosure of the exploit is noted; vendors have been informed but responses var...
CVE-2026-1990 oatpp Type.hpp ObjectWrapper null pointer dereference
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit ha...
EUVD-2026-5584
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit ha...
CVE-2026-1990 oatpp Type.hpp ObjectWrapper null pointer dereference
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit ha...
PT-2026-6674
Name of the Vulnerable Software and Affected Versions: oatpp versions up to 1.3.1. Description: A security issue has been identified in oatpp. The issue involves a null pointer dereference within the oatpp::data::type::ObjectWrapper::ObjectWrapper function located in the src/oatpp/data/type/Type.hpp...
oatpp-mcp code issue vulnerability
Oatpp-mcp is an implementation of a model context protocol under the Oat++ open-source project. Versions of oatpp-mcp 1.3.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations on the oatpp::data::type::ObjectWrapper::ObjectWrapper function in the fi...
CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is neither unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
CVE-2025-6515
The CVE concerns oatpp-mcp’s MCP SSE endpoint, where a session ID is derived from an instance pointer instead of a unique, cryptographically secure value. This enables a network attacker with access to the oatpp-mcp server to predict/guess future session IDs, hijack legitimate MCP sessions, and c...
CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is neither unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...
PT-2025-42788
Name of the Vulnerable Software and Affected Versions: oatpp-mcp affected versions not specified. Description: The MCP SSE endpoint returns an instance pointer as the session ID, which is not unique or cryptographically secure. This allows network attackers with access to the oatpp-mcp server to gue...
oatpp-mcp security feature issue vulnerability
oatpp-mcp is an Oat++ open source implementation of the Model Context Protocol. A security signature issue vulnerability exists in oatpp-mcp that stems from an MCP SSE endpoint returning an instance pointer as a session ID, which could lead to a session hijacking attack...
EUVD-2025-19006
Malicious code in bioql PyPI...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the deserializeArray function in the src/oatpp/json/Deserializer.cpp file. An attacker can cause a crash or disrupt service by sending specially crafted input that triggers a stack-based buffer overflow...
CVE-2025-6566
A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit ha...
CVE-2025-6566 oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow
A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit ha...