38 matches found
EUVD-2026-28854
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding TOCTOU — Time-of-Check to Time-of-Use. The function resolves the hostname via dns.resolve4/dns.resolve6 and check...
FastGPT Security Vulnerability
FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.11 and earlier contain security vulnerabilities. These vulnerabilities stem from a DNS rebinding vulnerability in the isInternalAddress function, which...
DNS Rebinding
MCP Java SDK is vulnerable to DNS Rebinding. The vulnerability is due to lack of Origin Validation, allowing a malicious website to bypass same-origin restrictions and access a local or network-private MCP server via the victim’s browser, enabling unauthorized tool invocation...
CVE-2026-35568
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victim's browser that is either local, o...
CVE-2026-35568
The CVE-2026-35568 entry corresponds to a DNS rebinding vulnerability in the MCP Java SDK (official Java SDK for Model Context Protocol servers/clients). Prior to version 1.0.0, the java-sdk did not validate the Origin header, enabling an attacker-controlled webpage on local or adjacent networks ...
SUSE CVE-2026-30858
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the webfetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including privat...
PT-2026-25507
I found an SSRF vulnerability bypass via DNS rebinding in simstudioai/sim, a project with 25k+ stars on GitHub CVE-2025-69660. Full write-up: https://t.co/eU3wf4d4Rd security websecurity appsec cve bugbounty...
CVE-2025-14279
The CVE details a DNS rebinding vulnerability in MLflow up to version 3.4.0 caused by lack of Origin header validation in the MLflow REST server. The issue allows an attacker to bypass Same-Origin Policy and issue unauthorized requests to REST endpoints, enabling querying, updating, and deleting ...
CVE-2020-24375
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3...
CVE-2020-24376
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3...
CVE-2025-64443 DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
DNS Rebinding
Neo4j Cypher MCP is vulnerable to DNS Rebinding. The vulnerability is due to the MCP server trusting requests from rebinding hostnames; attackers can lure users to a malicious website on which rebinding succeeds, bypassing the Same-Origin Policy and invoking tools against local Neo4j instances...
EUVD-2019-9115
Malware in sbrugna...
EUVD-2020-17107
Malware in sbrugna...
EUVD-2020-17106
Malware in sbrugna...
EUVD-2020-17108
Malware in sbrugna...
EUVD-2020-17109
Malware in sbrugna...
EUVD-2022-15567
Malicious code in bioql PyPI...
EUVD-2024-51930
Malicious code in bioql PyPI...
EUVD-2022-1226
Malicious code in bioql PyPI...