2 matches found
PYSEC-2026-162
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...
DRUPAL-CONTRIB-2025-009
This module allows a site to setup two factor authentication via QR code using authenticator applications on mobile devices including phones. The module does not properly protect its custom paths, allowing one user to access a different user's two factor configuration...