10 matches found
EUVD-2026-36650
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...
CVE-2026-11624
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...
CVE-2026-11624
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced...
PT-2026-49089
Name of the Vulnerable Software and Affected Versions Model Context Protocol versions prior to 0.25.0 Description Servers fail to validate the "Origin" header on incoming connections, which may allow DNS rebinding attacks. DNS rebinding is a method of bypassing the Same-Origin Policy to interact...
GHSA-Q926-C743-49QJ Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning
Summary Centrifugo supports a configuration flag insecureskiptokensignatureverify that completely disables JWT signature verification. When enabled, Centrifugo accepts any JWT token regardless of signature validity — including tokens signed with wrong keys, random signatures, or no signature at...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989909)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989909 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIGSCHEDCORE landed during 5.1...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986583)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986583 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIGSCHEDCORE landed during 5.1...
EUVD-2025-29501
Malicious code in bioql PyPI...
GHSA-PH6W-F82W-28W6 Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have...