Lucene search
K
McphubxMcphub

4 matches found

CVE
CVE
added 2025/10/05 6:2 a.m.17 views

CVE-2025-11285

SAMANHAPPY MCPHub up to 0.9.10 contains a command injection in src/controllers/serverController.ts caused by improper handling of the command/args input. An attacker can remotely trigger arbitrary OS commands; the exploit has been publicly released. No fixed version is available for remediation; ...

8.8CVSS6.5AI score0.07794EPSS
CVE
CVE
added 2025/10/05 7:2 a.m.15 views

CVE-2025-11287

CVE-2025-11287 affects samanhappy MCPHub up to version 0.9.10. The vulnerability is in the function handleSseConnectionfunction of src/services/sseService.ts, causing improper authentication. It can be triggered remotely and public exploits exist. Remediation per referenced advisories is to upgra...

9.8CVSS6.4AI score0.00577EPSS
CVE
CVE
added 2025/10/05 6:32 a.m.14 views

CVE-2025-11286

CVE-2025-11286 affects samanhappy MCPHub up to version 0.9.10. The flaw is in src/controllers/serverController.ts of the MCPRouter Service, where manipulation of the baseUrl argument enables server-side request forgery (SSRF). Exploitation can be remote; the exploit has been publicly disclosed. T...

5.8CVSS5AI score0.00287EPSS
CVE
CVE
added 2026/04/14 10:23 a.m.13 views

CVE-2025-13822

CVE-2025-13822 concerns MCPHub versions below 0.11.0, where authentication bypass exists due to endpoints lacking authentication middleware. An unauthenticated attacker could perform actions in the name of other users with their privileges. The provided metrics indicate low impact on confidential...

5.3CVSS5.8AI score0.00353EPSS