12 matches found
EUVD-2025-14322
Malicious code in bioql PyPI...
CVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
Missing Encryption of Sensitive Data
Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...
Missing Encryption of Sensitive Data
Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...
Missing Encryption of Sensitive Data
Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...
CVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274
CVE-2025-47274 affects ToolHive, a utility for deploying/managing MCP servers. The issue arises from the startup code ordering that causes sensitive data to be written into run configuration files used to restart stopped MCP containers. An attacker with access to the user’s home directory can rea...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
ToolHive Security Vulnerability
ToolHive is a Stacklok open source tool for easily and securely running and managing MCP servers. A security vulnerability exists in ToolHive versions prior to 0.0.33, which stems from a key stored in the runtime configuration file and could lead to a key disclosure...
PT-2025-20705 · Toolhive · Toolhive
Name of the Vulnerable Software and Affected Versions: ToolHive versions prior to 0.0.33. Description: The issue arises from the ordering of code used to start a Model Context Protocol (MCP) server container in ToolHive, inadvertently storing secrets in run config files. This allows an attacker with...