mcp
mcp
- CVE-2025-71336 - Flowise Custom MCP auth bypass RCE
- CVE-2025-66336 - Apache Doris MCP Server metadata SQL injection
- CVE-2026-48039 - Meta Ads MCP HTTP tool auth bypass
- CVE-2025-49596 - MCP Inspector proxy unauthenticated RCE
- CVE-2025-53967 - Framelink Figma MCP curl command injection
- CVE-2025-6514 - mcp-remote OAuth command injection
- CVE-2025-68143 - mcp-server-git arbitrary repository creation
- CVE-2025-68144 - mcp-server-git diff and checkout argument injection
- CVE-2025-68145 - mcp-server-git repository path validation bypass
- CVE-2026-42271 - LiteLLM MCP stdio command execution
- CVE-2026-44895 - GitLab MCP Server SSE auth bypass
- CVE-2026-5058 - aws-mcp-server command injection RCE
- CVE-2026-33032 - nginx-ui MCP auth bypass
- CVE-2026-40576 - excel-mcp-server path traversal
- CVE-2026-47708 - stata-mcp log_file_name command injection
- CVE-2026-48710 - Starlette BadHost request.url path bypass
- GHSA-63gr-g7jc-v8rg - AgenticMail MCP HTTP auth bypass
- CVE-2026-30861 - WeKnora MCP stdio command injection
- GHSA-m99r-2hxc-cp3q - Flowise MCP security bypass RCE
- CVE-2026-44336 - PraisonAI MCP tools/call path traversal RCE
- GHSA-v6wj-c83f-v46x - profullstack MCP server command injection
- GHSA-xmxx/GHSA-mr34/GHSA-2gvc - OpenClaw gateway boundary hardening
- CVE-2026-40933 - Flowise MCP adapter command execution
- CVE-2026-41497 - PraisonAI MCP command injection incomplete fix
- CVE-2026-42449 - n8n-mcp IPv4-mapped IPv6 SSRF
- CVE-2026-7039 - ssh-mcp description command injection