2 matches found
MCP Ruby SDK - Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
Summary The Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events SSE stream and intercept all real-time data. Details Root Cause The StreamableHTTPTransport...
Blackmagic Design Web Presenter HD 安全漏洞
Blackmagic Design Web Presenter HD is a live video streaming appliance from Blackmagic Design, USA. A security vulnerability exists in Blackmagic Design Web Presenter HD version 3.3 that originates from an unauthenticated Telnet service exposing sensitive information, which could lead to live...