CVE-2026-42856

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

CVE-2026-27004 OpenClaw session tool visibility hardening and Telegram webhook secret fallback

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

CVE-2025-66599

CVE-2025-66599 affects Yokogawa FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 through R10.04. The issue is that physical paths could be displayed on web pages, which could be exploited for other attacks (no exploit details provided). CVSS v4 base score is 6.9 (NETWORK ac...

MCP Server Tools Detected

This is an informational notice that the scanner was able to detect the exposition of tools on the target Model Context Protocol MCP server. No source data...