Lucene search
K

30 matches found

NVD
NVD
added last week8 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
OSV
OSV
added last week3 views

CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS6AI score0.00429EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week32 views

CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:36 p.m.6 views

CVE-2026-54309

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the...

8.8CVSS5.9AI score0.00403EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 3:36 p.m.41 views

CVE-2026-54309

CVE-2026-54309 affects n8n when using the MCP Browser extension in HTTP transport mode. The MCP endpoint accepts unauthenticated session initialization and tool invocation requests, enabling network-reachable clients (or websites visited by the user) to establish an MCP session and invoke browser...

10CVSS5.9AI score0.00403EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50175

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description When @n8n/mcp-browser is operated in HTTP transport mode using the --transport http flag, the MCP endpoint allows session initialization and tool invocation requests without...

10CVSS5.9AI score0.00403EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/12 6:44 p.m.38 views

CVE-2026-50287 Missing Authentication for Critical Function in @agenticmail/mcp

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

8.7CVSS0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/20 6:31 a.m.12 views

CVE-2026-33145

A flaw was found in xrdp. An authenticated remote user can exploit this vulnerability due to the unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, xrdp executes client-supplied AlternateShell values via /bin/sh -c during session...

6.3CVSS6.1AI score0.00356EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 9:16 p.m.11 views

DEBIAN-CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.3AI score0.00356EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/17 8:14 p.m.7 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.2AI score0.00356EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/17 8:14 p.m.3 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.2AI score0.00356EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:14 p.m.8 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.2AI score0.00356EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/17 8:14 p.m.9 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.3AI score0.00356EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/05 3:8 p.m.14 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00179EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/19 12:45 a.m.12 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00179EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/14 12:17 a.m.10 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00179EPSS
Exploits0References5
OSV
OSV
added 2025/10/09 4:15 p.m.9 views

CVE-2025-52960

A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When memory utilization is high, and specific...

8.2CVSS5.8AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.6 views

Juniper Networks Junos OS SRX和Juniper Networks Junos OS MX 安全漏洞

Juniper Networks Junos OS is a Juniper Networks USA network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS on SRX Series and MX Series versio...

8.2CVSS6.2AI score0.00309EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-16005

Malware in sbrugna...

7.5CVSS8.3AI score0.01177EPSS
Exploits0References6
Rows per page
Query Builder