DNS Rebinding
Overview: Affected versions of this package are vulnerable to DNS Rebinding due to insufficient validation of the Host and Origin headers. An attacker can gain unauthorized access to sensitive data by luring a victim to a malicious website, enabling the attacker to read information from the report...
CVE-2025-59155
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...
Neo4j Cypher MCP server is vulnerable to DNS rebinding
Impact: DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...
GHSA-VCQX-V2MG-7CHX Neo4j Cypher MCP server is vulnerable to DNS rebinding
Impact: DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...
Linux Distros Unpatched Vulnerability : CVE-2022-35107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c. CVE-2022-35107 Note that Nessus relies on the...
Command Injection
Overview: @akoskm/create-mcp-server-stdio is an MCP Server Starter kit using the StdioServerTransport. Affected versions of this package are vulnerable to Command Injection via the which-app-on-port tool, which executes exec on user input. An attacker can execute arbitrary commands on the host syste...
vul-37
AgentUniverse MCP Command Injection Vulnerability Report S...
CVE-2023-5941
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the...
Malicious code in node-elm-stdio (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 009716aab1cfd479b733ac360984c2ede681513ace927b45f6b7f8a65c9bb92b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10855 Malicious code in node-elm-stdio (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 009716aab1cfd479b733ac360984c2ede681513ace927b45f6b7f8a65c9bb92b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-5941
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the...
CVE-2023-5941
CVE-2023-5941 affects FreeBSD: libc stdio __sflush() may heap-buffer overflow on write(2) errors for line-buffered streams, impacting 12.4-RELEASE before 12.4-p7 and 13.2-RELEASE before 13.2-p5. Consequence is data corruption or arbitrary code execution at the attacker’s privileges depending on a...
FreeBSD-SA-23:15.stdio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:15.libc Security Advisory The FreeBSD Project Topic: libc stdio buffer overflow Category: core Module: libc Announced: 2023-11-07 Credits: inooo All supporte...
FreeBSD -- libc stdio buffer overflow
Problem Description: For line-buffered streams the __sflush() function did not correctly update the FILE object's write space member when the write(2) system call returns an error. Impact: Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned fr...
SUSE CVE-2014-1876
The unpacker::redirectstdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...
SUSE CVE-2019-12217
An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL stdioread function in file/SDLrwops.c...
CVE-2022-35107
SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c...
SWFTools Security Vulnerability
SWFTools is a set of utilities for working with Adobe Flash (SWF) files from the individual developer Matthias Kramm. A security vulnerability exists in SWFTools, which stems from a stack overflow in vfprintf in the /stdio-common/vfprintf.c file...
ALPINE-CVE-2019-12217
An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL stdioread function in file/SDLrwops.c...