Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcp__C2d. Performing a…
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another …
AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a Model Context Protocol server that enables AI assistants to interact with AWS HealthLake FHIR datastores. A server-side request forgery …
Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp() API that forwarded raw Chrome DevTools Protocol methods without bei…
Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network.
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
Improper control of generation of code ('code injection') in .NET Framework allows an unauthorized attacker to elevate privileges locally.
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally.
Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally.
Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network.
Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network.
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to perform tampering locally.
Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.
Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network.
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate() used strtr() dot-segment enco…
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes() omitted …
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse() rejected raw BiDi formatting chara…
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature() parsed X-MOM-Webhook-Signature…
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATE_SUB…