EUVD-2026-33323

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

CVE-2026-40160

Prais onAIAgents’ web_crawl has an SSRF in the httpx fallback prior to version 1.5.128. The fallback passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation, enabling an LLM agent to crawl internal endpoints (including 169.254.169.254), inte...

EUVD-2020-17718

Malware in sbrugna...

CVE-2024-52593 Missing validation allows spoofed "origin" links in Misskey

Misskey is an open source, federated social media platform.In affected versions missing validation in NoteCreateService.insertNote, ApPersonService.createPerson, and ApPersonService.updatePerson allows an attacker to control the target of any "origin" links such as the "view on remote instance"...

WordPress Plugin Seraphinite Accelerator Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...