4 matches found
CVE-2025-11285
SAMANHAPPY MCPHub up to 0.9.10 contains a command injection in src/controllers/serverController.ts caused by improper handling of the command/args input. An attacker can remotely trigger arbitrary OS commands; the exploit has been publicly released. No fixed version is available for remediation; ...
CVE-2025-11287
CVE-2025-11287 affects samanhappy MCPHub up to version 0.9.10. The vulnerability is in the function handleSseConnectionfunction of src/services/sseService.ts, causing improper authentication. It can be triggered remotely and public exploits exist. Remediation per referenced advisories is to upgra...
CVE-2025-11286
CVE-2025-11286 affects samanhappy MCPHub up to version 0.9.10. The flaw is in src/controllers/serverController.ts of the MCPRouter Service, where manipulation of the baseUrl argument enables server-side request forgery (SSRF). Exploitation can be remote; the exploit has been publicly disclosed. T...
CVE-2025-13822
CVE-2025-13822 concerns MCPHub versions below 0.11.0, where authentication bypass exists due to endpoints lacking authentication middleware. An unauthenticated attacker could perform actions in the name of other users with their privileges. The provided metrics indicate low impact on confidential...