14 matches found
PT-2026-29672
Name of the Vulnerable Software and Affected Versions: Go MCP SDK versions prior to 1.4.0. Description: The Go MCP SDK, utilizing Go's standard encoding/json, did not enable DNS rebinding protection by default for HTTP-based servers prior to version 1.4.0. When an HTTP-based MCP server was run on...
EUVD-2026-8770
mcp-server-git: Path traversal in gitadd allows staging files outside repository boundaries...
aiptx-cyber-mcp
Cyber MCPs - Security Tools for AI...
Model Context Protocol Servers Path Traversal Vulnerability
Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. A path traversal vulnerability exists in versions of Model Context Protocol Servers prior to 2025.9.25, which stems from the gitinit utility accepting an arbitrary filesystem path and...
Model Context Protocol Servers Path Traversal Vulnerability
Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. A path traversal vulnerability exists in Model Context Protocol Servers versions prior to 0.6.4 and prior to 2025.7.01, which stems from the fact that prefix matching can lead to...
PT-2025-27616
Name of the Vulnerable Software and Affected Versions: Model Context Protocol Servers Filesystem versions prior to 0.6.4 or 2025.7.01; Model Context Protocol Servers Filesystem versions prior to 0.6.3 or 2025.7.1. Description: Model Context Protocol Servers is a collection of reference...
CVE-2023-4503
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...
CVE-2023-34462
CVE-2023-34462 affects Netty SniHandler: during TLS handshake, it can allocate up to 16 MB of heap per channel (ByteBuf from ClientHello) if no idle timeout is set, enabling a crafted ClientHello to trigger memory growth and DoS. The issue is fixed in Netty 4.1.94.Final. Remediation: upgrade Nett...
Metasploit Weekly Wrap-Up
Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...
CVE-2021-43797
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fa...
Design/Logic Flaw
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fa...
CVE-2021-43797
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fa...
[SECURITY] Fedora 33 Update: netty-4.1.51-1.fc33
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application wil...
[SECURITY] Fedora 21 Update: netty-4.0.28-1.fc21
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. 'Quick and easy' doesn't mean that a resulting application wil...