Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/23 2:31 p.m.4 views

Insertion of Sensitive Information into Log File

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the POST /mcp endpoint. An attacker can cause sensitive information such as bearer tokens, API...

6CVSS5.4AI score0.00255EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/17 5:45 p.m.4 views

CVE-2025-59155

hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...

6.9CVSS6.9AI score0.00332EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/15 8:37 p.m.7 views

HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability

Impact A Server-Side Request Forgery SSRF vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers Hackmd-Api-Url or base64-encoded JSON query parameters. This allows...

6.9CVSS7AI score0.00332EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/09/15 4:56 p.m.10 views

CVE-2025-59155 hackmd-mcp server-side request forgery in HTTP transport mode

hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery SSRF vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied vi...

6.9CVSS0.00332EPSS
Exploits0References2
Rows per page
Query Builder