CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability

...

CVE-2026-26118

CVE-2026-26118 – Azure MCP Server Tools SSRF allows an authorized attacker to elevate privileges. Affected component: MCP Server Tools. Root cause: server-side request forgery enabling elevation of privilege with network access. CVSSv3.1 base score 8.8 (High); Vector: Network; Privileges required...

CVE-2026-26118 Azure MCP Server Tools Elevation of Privilege Vulnerability

...

RLSA-2026:3938 Moderate: nfs-utils security update

The nfs-utils packages provide a daemon for the kernel Network File System NFS server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Security Fixes:...

Microsoft Azure MCP Server Tools 代码问题漏洞

Microsoft Azure MCP Server Tools is a model context protocol of the American company Microsoft. It supports various tools, languages, and frameworks, enabling the construction and deployment of applications on Azure. There are code-related vulnerabilities in Microsoft Azure MCP Server Tools...

KLA90924 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Azure IOT...

Moderate: nfs-utils security update

The nfs-utils packages provide a daemon for the kernel Network File System NFS server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs. Security Fixes:...

[SECURITY] Fedora 43 Update: bind9-next-9.21.17-1.fc43

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

EUVD-2026-1179

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

EUVD-2006-0091

Malware in sbrugna...

EUVD-2002-0434

Malware in sbrugna...

GHSA-VF9J-H32G-2764 mcp-package-docs vulnerable to command injection in several tools

Summary A command injection vulnerability exists in the mcp-package-docs MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code...

The Isle Evrima Server Tools 安全漏洞

The Isle Evrima Server Tools are working server configurations and scripts for Isle Evrima. A security vulnerability exists in The Isle Evrima Server Tools version 0.9.88.07, which stems from a buffer overflow in the FTcpListener thread, allowing remote attackers to crash any server with an...

Fedora: Security Advisory for eclipse-webtools (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: Vulnerability in RC4 stream cipher affects various Optim data server tools desktop products (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects various Optim data server tools desktop products. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

DAws - Advanced Web Shell (Windows/Linux)

There's multiple things that makes DAws better than every Web Shell out there: 1. Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shellexec was disabled it would automatically use exec or passthru or...

[SECURITY] Fedora 19 Update: bind-9.9.3-5.P2.fc19

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

FlexNet License Server Manager lmgrd Buffer Overflow

This module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of...

DeluxeBB 1.3 - Multiple Vulnerabilities

DeluxeBB 1.3 - Multiple Vulnerabilities Author: cp77fk4r | Empty0pagEShift+2gmail.com Vendor: http://www.deluxebb.com Directory Listing http://server/templates/ http://server/images/ http://server/logs/ http://server/wysiwyg/ http://server/docs/ http://server/classes http://server/lang...