3 matches found
Incorrect Authorization
Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Incorrect Authorization through the CallTool handler in src/index.ts. An attacker can invoke disallowed Kubernetes tools and perform destructive...
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic key commitment when storing encrypted data keys in an instruction file. An attacker with write access to the S3 bucket can manipulate encrypted data keys to...
PT-2024-30449 · WordPress · Wp Travel Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: WP Travel Gutenberg Blocks versions through 3.5.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: F...