DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost

The Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origi...

UBUNTU-CVE-2026-23408

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of nsname in aareplaceprofiles if nsname is NULL after 1071 error = aaunpackudata, &lh, &nsname; and if ent-nsname contains an nsname in 1089 else if ent-nsname then nsname is assigned the ent-nsname 109...

CVE-2026-23408

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of nsname in aareplaceprofiles if nsname is NULL after 1071 error = aaunpackudata, , name; and if ent-nsname contains an nsname in 1089 else if ent-nsname then nsname is assigned the ent-nsname 1095 nsna...

kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM subsystem. An authenticated local attacker could exploit a Use-After-Free UAF vulnerability in the /proc/net/atm/lec handling. This flaw occurs due to improper devput calls without prior devhold calls, leading to an imbalance i...

Cisco Integrated Management Controller 命令注入漏洞

The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

CVE-2026-24030

A flaw was found in DNSdist. A remote attacker could exploit this vulnerability by sending specially crafted DNS over QUIC Quick UDP Internet Connections or DNS over HTTP/3 Hypertext Transfer Protocol version 3 payloads. This could trick DNSdist into allocating excessive memory, leading to a deni...

SUSE-SU-2026:20988-1 Security update for gnome-online-accounts, gvfs

This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRL...

UBUNTU-CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

EUVD-2026-16734

AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance...

AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance

Summary The transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use TOCTOU race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new balance — all without database transactions or row-level locking. An attack...

Race Condition

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Race Condition through the transferBalance process in plugin/YPTWallet/YPTWallet.php. An attacker can create a wallet balance from nothing by sending concurrent...

EUVD-2018-21710

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter...

EUVD-2018-21716

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash ...

CVE-2018-25229

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash ...

CVE-2026-3945

A flaw was found in tinyproxy. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the HTTP chunked transfer encoding parser. By sending a crafted HTTP request with a specially formed chunk size, the attacker can cause the proxy to miscalculate the size of incoming...

UBUNTU-CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service DoS. The issue occurs because chunk size values are parsed using strtol without properly validating...

BulletProof FTP Server 安全漏洞

BulletProof FTP Server is an FTP server software developed by BulletProof Corporation. Version 2019.0.0.50 of BulletProof FTP Server contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the SMTP configuration interface, which could allow local...