
6 matches found

CNNVD
added 2026/02/06 12:0 a.m., 3 views

oatpp-mcp code issue vulnerability

Oatpp-mcp is an implementation of a model context protocol under the Oat++ open-source project. Versions of oatpp-mcp 1.3.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations on the oatpp::data::type::ObjectWrapper::ObjectWrapper function in the fi...

CVSS 4.8, AI score 5.9, EPSS 0.00008
Exploits: 0, References: 6
CVE
added 2025/10/20 4:13 p.m., 7 views

CVE-2025-6515

The CVE concerns oatpp-mcp’s MCP SSE endpoint, where a session ID is derived from an instance pointer instead of a unique, cryptographically secure value. This enables a network attacker with access to the oatpp-mcp server to predict/guess future session IDs, hijack legitimate MCP sessions, and c...

CVSS 6.8, AI score 6.5, EPSS 0.00043
Exploits: 0, References: 1
Vulnrichment
added 2025/10/20 4:13 p.m., 4 views

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

CVSS 6.8, AI score 6.5, EPSS 0.00043
Exploits: 0, References: 1
Cvelist
added 2025/10/20 4:13 p.m., 6 views

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

CVSS 6.8, EPSS 0.00043
Exploits: 0, References: 1
Positive Technologies
added 2025/10/20 12:0 a.m., 2 views

PT-2025-42788

Name of the Vulnerable Software and Affected Versions: oatpp-mcp (affected versions not specified). Description: The MCP SSE endpoint returns an instance pointer as the session ID, which is not unique or cryptographically secure. This allows network attackers with access to the oatpp-mcp server to gue...

CVSS 6.8, AI score 6.5, EPSS 0.00043
Exploits: 0, References: 13
CNNVD
added 2025/10/20 12:0 a.m., 2 views

oatpp-mcp security feature issue vulnerability

oatpp-mcp is an Oat++ open source implementation of the Model Context Protocol. A security signature issue vulnerability exists in oatpp-mcp that stems from an MCP SSE endpoint returning an instance pointer as a session ID, which could lead to a session hijacking attack...

CVSS 6.8, AI score 6.8, EPSS 0.00043
Exploits: 0, References: 2