Lucene search
K

44 matches found

EUVD
EUVD
added 2026/07/02 8:39 p.m.7 views

EUVD-2026-41438

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/02 8:38 p.m.15 views

fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection

Summary fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP clie...

9.4CVSS6.1AI score0.00423EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/02 8:38 p.m.6 views

GHSA-RXW2-PC8J-VXWM fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection

Summary fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checking whether the session file exists. A remote HTTP clie...

9.4CVSS6.1AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 8:38 p.m.5 views

Improper Authentication

Overview fast-mcp-telegram is a Multi-tenant Telegram gateway for AI agents — HTTP+stdio transport, 8 agent-optimized tools, MTProto User API Affected versions of this package are vulnerable to Improper Authentication via the SessionFileTokenVerifier.verifytoken process. An attacker can gain...

9.4CVSS6AI score0.00423EPSS
Exploits0References3
Circl
Circl
added 2026/04/14 5:17 a.m.8 views

GHSA-VC46-VW85-3WVM

creationtimestamp| type| source ---|---|--- 2026-04-14 05:17:42+00:00| seen| Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY...

4.8AI score
Exploits0
OSV
OSV
added 2026/03/23 3:38 p.m.15 views

MAL-2026-2118 Malicious code in hash-utils-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4177b7c46ecbfa35116b35a2a491107d0514cd6551a447b7213ef6e097172939 During importing the module, the code attempts to exfiltrate sensitive Telegram's client session files. --- Category: MALICIOUS - The campaign has clearly...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/27 7:50 p.m.13 views

Malicious code in hashtools32 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 689514b83cd6496b0a4213d26325e73cd2c4f0e19128b969d19797bcdd4b131d During import, the package attempts to exfiltrate sensitive Telegram session files --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

6AI score
Exploits0References1
OSV
OSV
added 2026/02/27 7:50 p.m.7 views

MAL-2026-1080 Malicious code in hashtools32 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 689514b83cd6496b0a4213d26325e73cd2c4f0e19128b969d19797bcdd4b131d During import, the package attempts to exfiltrate sensitive Telegram session files --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/29 10:4 a.m.9 views

Malicious code in smtmlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e871336d0effe99cb62efeda3a287186e75c1bd4ca5770efd81718db8ababe4e Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

7.6AI score
Exploits0References2
Circl
Circl
added 2025/10/08 12:9 p.m.7 views

CVE-2025-10222

creationtimestamp| type| source ---|---|--- 2025-10-08 12:09:36+00:00| seen| Telegram/XF-4RgrKKfVldXNJULEUgMw60CodFE4RqOqC6guHTsufE...

4.8CVSS4.8AI score0.00113EPSS
Exploits0
Circl
Circl
added 2025/07/08 6:16 p.m.7 views

CVE-2025-4663

creationtimestamp| type| source ---|---|--- 2025-07-08 18:16:34+00:00| seen| Telegram/xvJ0nm8kAySasnE4IS1nozIJK8-iqMVzd1BRmLAGEDQ-yU...

6.8CVSS4.8AI score0.00302EPSS
Exploits0
Circl
Circl
added 2025/02/20 11:26 p.m.7 views

CVE-2024-2938

creationtimestamp| type| source ---|---|--- 2025-02-20 23:26:56+00:00| seen| Telegram/2shBV1KxAbgFNuLla09vy-7QSsd0tuslK717i9uBrscYJJdR...

6.5CVSS4.8AI score0.00572EPSS
Exploits1
Circl
Circl
added 2024/09/15 11:45 a.m.8 views

CVE-2024-44057

creationtimestamp| type| source ---|---|--- 2024-09-15 11:45:32+00:00| seen| https://t.me/cvedetector/5692...

6.5CVSS4.8AI score0.00281EPSS
Exploits0References1
OSV
OSV
added 2024/08/29 10:57 a.m.9 views

MAL-2024-9264 Malicious code in crustyhttp (PyPI)

Base64-encoded commands are executed from init.py, which exfiltrate Telegram session data. --- -= Per source details. Do not edit below this line.=- Source: kam193 806b071147126057a7de9b570f85f694ad06923e4d580ddd5274731b5343f556 In the invokehttp, the init.py contains obfuscated code attempting t...

7.3AI score
Exploits0References3
Circl
Circl
added 2024/08/22 7:23 p.m.7 views

CVE-2024-7110

creationtimestamp| type| source ---|---|--- 2024-08-22 19:23:00+00:00| seen| https://t.me/cvedetector/3924...

6.4CVSS4.8AI score0.00338EPSS
Exploits0References1
Circl
Circl
added 2024/07/30 11:16 p.m.8 views

CVE-2024-39012

creationtimestamp| type| source ---|---|--- 2024-07-30 23:16:23+00:00| seen| https://t.me/cvedetector/2068...

9.8CVSS4.8AI score0.00973EPSS
Exploits1References1
Circl
Circl
added 2024/07/24 11:20 p.m.6 views

CVE-2024-33519

creationtimestamp| type| source ---|---|--- 2024-07-24 23:20:36+00:00| seen| https://t.me/cvedetector/1599...

7.2CVSS4.8AI score0.00702EPSS
Exploits0References1
Circl
Circl
added 2024/03/10 2:11 p.m.8 views

CVE-2019-19580

creationtimestamp| type| source ---|---|--- 2024-03-10 14:11:53+00:00| seen| https://t.me/ctinow/204258...

6.6CVSS6.7AI score0.01187EPSS
Exploits0References1
Circl
Circl
added 2024/03/06 11:12 a.m.7 views

CVE-2023-27308

creationtimestamp| type| source ---|---|--- 2024-03-06 11:12:00+00:00| seen| https://t.me/ctinow/201205...

4.6CVSS4.6AI score0.00207EPSS
Exploits0References1
Circl
Circl
added 2024/03/05 6:27 p.m.8 views

CVE-2024-27561

creationtimestamp| type| source ---|---|--- 2024-03-05 18:27:05+00:00| seen| https://t.me/ctinow/200545 2024-03-05 18:27:12+00:00| seen| https://t.me/ctinow/200551...

9.1CVSS4.8AI score0.00585EPSS
Exploits1References2
Rows per page
Query Builder