Lucene search
K

761 matches found

NVD
NVD
added 2026/05/27 11:16 p.m.21 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 9:38 p.m.10 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:38 p.m.11 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 9:38 p.m.35 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS0.00279EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 9:38 p.m.32 views

CVE-2026-9739

CVE-2026-9739 describes a DNS rebinding vulnerability due to a hardcoded Access-Control-Allow-Origin: * in the SSE initialization handler, despite earlier attempts to align with MCP security guidelines using allowed-origins and allowed-hosts. The issue specifically affects users connecting via To...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Google MCP Toolbox for Databases 安全漏洞

Google MCP Toolbox for Databases is an open-source Model Context Protocol MCP server developed by Google, Inc. There is a security vulnerability in Google MCP Toolbox for Databases. This vulnerability arises from the susceptibility to DNS redirection attacks when using SSE, and the hard-coded...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44123

Name of the Vulnerable Software and Affected Versions Toolbox affected versions not specified Description The software is susceptible to DNS rebinding attacks when using Server-Sent Events SSE under specification v2024-11-05. This occurs because the SSE initialization handler retains a hardcoded...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References8
Imperva Blog
Imperva Blog
added 2026/05/18 11:0 a.m.37 views

Dify: When Your AI Platform Becomes the Attack Surface

Executive Summary We identified a couple of vulnerabilities in AI automation platform Dify resulting in cross-tenant sensitive information disclosure and one-click account takeover. These findings reinforce the pattern we documented in our previous n8n blogpost: even though AI automation platform...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29552

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.006EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29553

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

6.3AI score0.00554EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 6:16 p.m.13 views

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

9.8CVSS0.00554EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40116

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

6.3AI score0.006EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

6.5AI score0.0061EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40117

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustness evaluation fgsm pytorch.py. The script uses the unsafe eval function to parse string values provided via the --clip values and --input shape command-lin...

6.3AI score0.00554EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Adversarial Robustness Toolbox 安全漏洞

Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustnessevaluationfgsmpytorch....

9.8CVSS6.1AI score0.00554EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.36 views

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

0.00554EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.38 views

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

0.006EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Adversarial Robustness Toolbox 安全漏洞

Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the model loading function in the...

9.8CVSS6.2AI score0.006EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.35 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

0.0061EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Adversarial Robustness Toolbox 安全漏洞

Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustness evaluation function i...

9.8CVSS5.9AI score0.0061EPSS
Exploits0References1
Rows per page
Query Builder