129 matches found

NVD
added 2026/06/13 10:16 a.m. | 11 views

CVE-2026-11624

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...

CVSS 9.4 | EPSS 0.00222
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/13 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-15104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal...

CVSS 6.9 | AI score 5.7 | EPSS 0.00425
Exploits: 1 | References: 2
CNNVD
added 2026/05/29 12:00 a.m. | 6 views

WWBN AVideo Code Issue Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of using the $resolvedIP output parameter from functions like EpgParser.php and...

CVSS 6.5 | AI score 5.9 | EPSS 0.00136
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/14 2:24 p.m. | 7 views

CVE-2026-42559

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamablehttpserver/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 6 | Affected Software: 1
RedhatCVE
added 2026/05/11 8:26 p.m. | 6 views

CVE-2026-42344

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU (Time-of-Check to Time-of-Use). The function resolves the hostname via dns.resolve4/dns.resolve6 and check...

CVSS 6.3 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 1
CNVD
added 2026/04/08 12:00 a.m. | 2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16699)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to rebind the tool root path between validation and final write...

CVSS 6.2 | AI score 5.7 | EPSS 0.00087
Exploits: 0
CNNVD
added 2026/03/19 12:00 a.m. | 4 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the failure to properly secure the executable identity of argv0 tokens that were not path-related, which...

CVSS 6.7 | AI score 5.8 | EPSS 0.00091
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/18 12:00 a.m. | 5 views

PT-2026-26074

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.442 through 2.554; Jenkins LTS versions 2.426.3 through 2.541.2. Description: The software does not properly validate the origin of requests made through the CLI WebSocket endpoint. It calculates the expected origin using the...

CVSS 7.6 | AI score 6 | EPSS 0.00297
Exploits: 0 | References: 16
Snyk
added 2026/01/07 4:55 a.m. | 4 views

Exposed Dangerous Method or Function

Overview: playwright is a high-level API to automate web browsers. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via missing validation of the Origin header on incoming connections. An attacker can gain unauthorized access to locally running endpoints b...

CVSS 8.8 | AI score 6.8 | EPSS 0.00844
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/07 12:00 a.m. | 6 views

PT-2026-1558

Name of the Vulnerable Software and Affected Versions: Microsoft Playwright MCP Server versions prior to 0.0.40. Description: The software does not properly validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and se...

CVSS 7.2 | AI score 6.5 | EPSS 0.00844
Exploits: 0 | References: 6
CVE
added 2025/12/09 6:48 p.m. | 16 views

CVE-2025-9614

CVE-2025-9614 is part of PCIe IDE vulnerabilities described in multiple sources (PCI-SIG/PCIe IDE spec). The issue: insufficient guidance on re-keying/stream flushing during device rebinding can allow stale writes from one security context to be processed in a new one, compromising confidentialit...

CVSS 6.5 | AI score 6.6 | EPSS 0.00118
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/10/30 12:00 a.m. | 2 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 6.9 | AI score 6.5 | EPSS 0.00369
Exploits: 0 | References: 1
OSV
added 2025/10/23 4:25 p.m. | 2 views

GO-2025-3991 Coder AgentAPI exposed user chat history via a DNS rebinding attack in github.com/coder/agentapi

Coder AgentAPI exposed user chat history via a DNS rebinding attack in github.com/coder/agentapi...

CVSS 6.5 | AI score 6.9 | EPSS 0.00388
Exploits: 1 | References: 7
CERT
added 2025/10/17 12:00 a.m. | 5 views

DNS Rebinding and Manipulating CORS Headers Enables Exfiltration of Information

Overview: A vulnerability in cross-origin resource sharing (CORS) headers in Chromium, Google Chrome, Microsoft Edge, Safari, and Firefox enables the CORS policy to be manipulated. Combined with a DNS rebind, an attacker can send arbitrary requests to services listening on arbitrary ports regardless...

CVSS 8.1 | AI score 6.1 | EPSS 0.0042
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-0816

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00586
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-6313

Malware in sbrugna...

CVSS 9.3 | AI score 8.8 | EPSS 0.0289
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-10883

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00608
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-19485

Malware in sbrugna...

CVSS 6.5 | AI score 7.8 | EPSS 0.01161
Exploits: 0 | References: 24
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-0100

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.03348
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2018-3355

Malware in sbrugna...

CVSS 9.6 | AI score 9.4 | EPSS 0.01303
Exploits: 0 | References: 4