Microsoft vs Chaotic Eclipse
Microsoft nyilvánosan bírálta a Nightmare Eclipse (Chaotic Eclipse) néven ismert biztonsági kutatót, aki az elmúlt hónapokban több Windows zero-day sérülékenységet hozott nyilvánosságra
Read More
Month: May 2026
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers
CVE-2026-0257 lets attackers forge Palo Alto GlobalProtect auth cookies and bypass VPN login. Exploitation confirmed since May 17. Palo Alto
Read More
CVE-2026-10275 | OpenSC up to 0.26.1 pkcs11-tool Key Generation src/tools/pkcs11-tool.c test_kpgen_certwrite buffer overflow (Issue 3682)
A vulnerability marked as critical has been reported in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the
Read More
CVE-2026-10276 | hekmon8 Jenkins-server-mcp 0.1.0 get_build_status/get_build_log/trigger_build src/index.ts jobPath server-side request forgery
A vulnerability described as critical has been identified in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the
Read More
CVE-2026-10277 | j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c MCP Gmail Tool src/tools/gmail.ts saveToDisk access control
A vulnerability classified as critical has been found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk
Read More
CVE-2026-10278 | ishayoyo excel-mcp up to 1.0.2 read_file/write_file src/index.ts filePath/outputPath path traversal
A vulnerability classified as critical was found in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the
Read More
CVE-2026-10279 | hiraishikentaro wezterm-mcp 0.1.0 switch_pane/write_to_specific_pane src/wezterm_executor.ts request.params.arguments.pane_id os command injection
A vulnerability, which was classified as critical, has been found in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown
Read More
CVE-2026-10280 | horizon921 mcpilot 0.1.0 MCP API Call Endpoint route.ts serverBaseUrl server-side request forgery
A vulnerability, which was classified as critical, was found in horizon921 mcpilot 0.1.0. The impacted element is an unknown function
Read More
CVE-2026-10281 | Enderfga claw-orchestrator up to 3.5.5 API Endpoint src/embedded-server.ts EmbeddedServer missing authentication (Issue 61)
A vulnerability has been found in Enderfga claw-orchestrator up to 3.5.5 and classified as critical. This affects the function EmbeddedServer
Read More
CVE-2026-10282 | Bottelet DaybydayCRM up to 2.2.1 DocumentsController.php view improper authorization (Issue 347)
A vulnerability was found in Bottelet DaybydayCRM up to 2.2.1 and classified as problematic. This impacts the function view of
Read More