7.6
CVE-2025-66416 - DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Runni…
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, the Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localho…
7.6
CVE-2025-66414 - DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers R…
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, the Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without au…
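What "DNS rebinding protection" means for both SDK advisories above: a victim's browser resolves the attacker's hostname to 127.0.0.1 and then talks to the local MCP server, but the request still carries the attacker's hostname in the Host header (and the attacker's page in Origin). Rejecting requests whose Host is not a loopback name, and whose Origin is not an expected one, is the check the fixed SDK versions turn on by default. The following is an added Python illustration of that check, not code from the MCP SDKs; the loopback allowlist, the port and the 421/403 status choices are assumptions for the example.

```python
"""Host/Origin allowlist check of the kind DNS-rebinding protection performs.

Added illustration, not code from the MCP Python or TypeScript SDK.
"""
from urllib.parse import urlsplit

# Assumption: names a local-only server should answer to.
DEFAULT_ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def host_allowed(host_header, allowed_hosts=DEFAULT_ALLOWED_HOSTS, port=None):
    """True if the Host header names an allowed host.

    A ':port' suffix is accepted only when it is numeric and, if the
    server's port is given, equal to it.  A rebound request arrives with
    the attacker's hostname here, so it fails this check.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):                      # bracketed IPv6 literal
        end = host.find("]")
        if end == -1:
            return False
        name, rest = host[:end + 1], host[end + 1:]
    else:
        name, sep, rest = host.partition(":")
        rest = sep + rest
    if rest:
        if not rest.startswith(":") or not rest[1:].isdigit():
            return False
        if port is not None and int(rest[1:]) != port:
            return False
    return name in {h.lower() for h in allowed_hosts}


def origin_allowed(origin_header, allowed_origins):
    """Non-browser clients send no Origin and are allowed; a browser Origin
    must match the allowlist exactly (scheme://host[:port])."""
    if origin_header is None:
        return True
    parts = urlsplit(origin_header)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    return origin_header.lower() in {o.lower() for o in allowed_origins}


def check_request(headers, port=8000, allowed_origins=("http://localhost:8000",)):
    """Combine both checks the way a transport-security middleware would.

    Returns (status, reason); anything other than 200 should short-circuit
    before the MCP handler sees the request.
    """
    if not host_allowed(headers.get("host"), port=port):
        return 421, "Misdirected Request: Host not allowed"
    if not origin_allowed(headers.get("origin"), allowed_origins):
        return 403, "Forbidden: Origin not allowed"
    return 200, "OK"


if __name__ == "__main__":
    # Constructed requests: a normal local client, then a rebound browser request.
    print(check_request({"host": "localhost:8000"}))
    print(check_request({"host": "attacker.example:8000",
                         "origin": "http://attacker.example"}))
```

The Host check is the one that matters for rebinding, because the browser sets it from the URL it was given, not from the IP it resolved; the Origin check additionally blocks cross-site pages that reach the server through a legitimate hostname.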
2.7
CVE-2025-66409 - ESP-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command …
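The bug class above is reading fields of a peer-supplied AVRCP frame before checking that the frame is long enough to contain them. As an added illustration (in Python, not ESP-IDF's C code), the parser below handles an AV/C VENDOR DEPENDENT frame carrying an AVRCP metadata PDU and refuses to read anything it has not first bounds-checked. The byte layout (ctype, subunit, opcode 0x00, 3-byte company ID, PDU ID, packet type, 2-byte big-endian parameter length, parameters) is taken from the AVRCP specification; the sample frames are constructed for the example.

```python
"""Bounds-checked parser for an AVRCP VENDOR DEPENDENT frame.

Added illustration of checking lengths before reading; not ESP-IDF code.
"""
import struct

OPCODE_VENDOR_DEPENDENT = 0x00
HEADER_LEN = 10          # bytes 0..9 precede the parameter block
BT_SIG_COMPANY_ID = 0x001958   # company ID used by AVRCP metadata PDUs

# Constructed: ctype=STATUS(0x01), subunit=panel(0x48), opcode=0x00,
# company 0x001958, PDU GET_CAPABILITIES(0x10), single packet,
# parameter length 1, capability ID 0x03 (events supported).
SAMPLE_GET_CAPABILITIES = bytes([0x01, 0x48, 0x00, 0x00, 0x19, 0x58,
                                 0x10, 0x00, 0x00, 0x01, 0x03])
# Constructed: same frame but the parameter length claims 256 bytes while
# only one byte follows; a parser that trusts the field reads out of bounds.
MALFORMED_LONG_LENGTH = bytes([0x01, 0x48, 0x00, 0x00, 0x19, 0x58,
                               0x10, 0x00, 0x01, 0x00, 0x03])


def parse_vendor_dependent(frame: bytes) -> dict:
    """Return the decoded PDU, raising ValueError on any malformed input.

    Every access is preceded by a check that the byte exists, so a short
    or lying frame produces an error instead of a read past the buffer.
    """
    if len(frame) < HEADER_LEN:
        raise ValueError(f"frame too short for header: {len(frame)} bytes")
    if frame[2] != OPCODE_VENDOR_DEPENDENT:
        raise ValueError(f"not a VENDOR DEPENDENT frame: opcode {frame[2]:#04x}")
    company_id = int.from_bytes(frame[3:6], "big")
    if company_id != BT_SIG_COMPANY_ID:
        raise ValueError(f"unexpected company ID {company_id:#08x}")
    pdu_id = frame[6]
    packet_type = frame[7] & 0x03          # low two bits: single/start/continue/end
    (param_len,) = struct.unpack_from(">H", frame, 8)
    # The critical check: the declared length must fit in what was received.
    if HEADER_LEN + param_len > len(frame):
        raise ValueError(f"parameter length {param_len} exceeds frame "
                         f"({len(frame) - HEADER_LEN} bytes available)")
    params = frame[HEADER_LEN:HEADER_LEN + param_len]
    return {"ctype": frame[0] & 0x0F, "subunit": frame[1],
            "company_id": company_id, "pdu_id": pdu_id,
            "packet_type": packet_type, "params": params}


if __name__ == "__main__":
    print(parse_vendor_dependent(SAMPLE_GET_CAPABILITIES))
    try:
        parse_vendor_dependent(MALFORMED_LONG_LENGTH)
    except ValueError as err:
        print("rejected:", err)
```

In a C stack the equivalent is comparing the declared parameter length against the received L2CAP payload length before dereferencing the parameter pointer; the Python version only makes the ordering of check and use explicit.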
5.4
CVE-2025-52622 - HCL BigFix SaaS Remediate is affected by a security vulnerability
BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to the common web attacks these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, an…
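The advisory does not list which headers were absent, so the following added Python example (not HCL's code) audits a response against a commonly recommended baseline: Content-Security-Policy for script injection, X-Frame-Options or a CSP `frame-ancestors` directive for clickjacking, X-Content-Type-Options for MIME sniffing, Strict-Transport-Security and Referrer-Policy. The baseline set and the sample response are assumptions constructed for the example.

```python
"""Audit an HTTP response for missing security headers.

Added example; the header baseline below is a common recommendation,
not a list taken from the BigFix advisory.
"""

# header name (lower-case) -> what its absence leaves open
REQUIRED = {
    "content-security-policy": "script injection / XSS impact",
    "x-frame-options": "clickjacking (CSP frame-ancestors also covers this)",
    "x-content-type-options": "MIME sniffing of uploaded or reflected content",
    "strict-transport-security": "protocol downgrade / TLS stripping",
    "referrer-policy": "URL and token leakage via Referer",
}


def missing_security_headers(headers):
    """Return [(header, risk), ...] for baseline headers not present.

    Header names are matched case-insensitively.  X-Frame-Options is not
    required when the CSP already carries a frame-ancestors directive.
    """
    present = {k.lower(): v for k, v in headers.items()}
    csp = present.get("content-security-policy", "").lower()
    missing = []
    for name, risk in REQUIRED.items():
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        if name not in present:
            missing.append((name, risk))
    return missing


def audit_raw_response(raw: str):
    """Parse the header block of a raw HTTP/1.1 response and audit it.

    Returns (status_line, missing).  Only the first header block is read;
    the body after the blank line is ignored.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return status_line, missing_security_headers(headers)


# Constructed response with no security headers at all.
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\n"
                   "Content-Type: text/html; charset=utf-8\r\n"
                   "Server: example\r\n"
                   "\r\n"
                   "<html><body>hello</body></html>")

if __name__ == "__main__":
    status, missing = audit_raw_response(SAMPLE_RESPONSE)
    print(status)
    for name, risk in missing:
        print(f"  missing {name}: {risk}")
```

Run it against a real response captured with `curl -si` to get the same report; the fix is to emit the headers from the application or a fronting reverse proxy, with CSP written for the application rather than copied from a template.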
7.4
CVE-2025-66399 - SNMP Command Injection leads to RCE in Cacti
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are ac…
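The point of rejecting control characters in a community string is that the string later ends up inside something line- or argument-oriented, where a newline becomes a new directive or a new argument. The added Python example below (not Cacti's PHP code) shows the injection with a hypothetical `rocommunity` config line, then a validator and an argv builder that pass the string to net-snmp's `snmpget` as one argument without a shell. Where Cacti actually uses the string is cut off in the advisory text; the config line is an assumption for illustration only.

```python
"""Control-character validation for SNMP community strings.

Added example; not Cacti code.  The 'rocommunity' line is a hypothetical
illustration of line injection, not a claim about how Cacti stores the value.
"""
import re

# Any C0 control (0x00-0x1F) or DEL; this includes \n, \r, \t and NUL.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
MAX_COMMUNITY_LEN = 255


def validate_community(community: str) -> str:
    """Return the community unchanged, or raise ValueError if unsafe."""
    if not community:
        raise ValueError("empty community string")
    if len(community) > MAX_COMMUNITY_LEN:
        raise ValueError("community string too long")
    match = CONTROL_CHARS.search(community)
    if match:
        raise ValueError(f"control character {match.group()!r} at offset {match.start()}")
    return community


def unsafe_config_lines(community: str):
    """What a naive template emits: a newline in the value becomes a second directive."""
    return f"rocommunity {community}".splitlines()


def safe_config_line(community: str) -> str:
    """Same template, but only after validation, so exactly one line results."""
    return f"rocommunity {validate_community(community)}"


def snmpget_argv(host: str, community: str, oid: str):
    """Build an argv list for snmpget; the community is a single argv element,
    so even a space or quote inside it cannot create extra arguments, and the
    validator above has already excluded newlines and other controls."""
    return ["snmpget", "-v2c", "-c", validate_community(community), host, oid]


if __name__ == "__main__":
    crafted = "public\nrocommunity evil"          # constructed attacker input
    print(unsafe_config_lines(crafted))             # two directives from one value
    try:
        safe_config_line(crafted)
    except ValueError as err:
        print("rejected:", err)
    print(snmpget_argv("192.0.2.10", "public", "1.3.6.1.2.1.1.1.0"))
```

The validator is deliberately strict rather than an escaping routine: a community string has no legitimate need for control characters, so rejecting them removes the question of which downstream consumer's escaping rules apply.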
4.5
CVE-2025-65105 - Apptainer ineffective application of selinux and apparmor --security options
Apptainer is an open source container platform. In Apptainer versions earlier than 1.4.5, a container can disable two of the forms of the little-used --security option, in particular the forms --security=apparmor:<profile> and --security=selinux:<label>, which otherwise put restrictions on operations t…
4.5
CVE-2025-64750 - Singularity ineffectively applies selinux / apparmor LSM process labels
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so …
0.0
CVE-2025-66478 -
This CVE is a duplicate of CVE-2025-55182.
9.0
CVE-2025-13828 - Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Summary: A non-privileged user can install and remove arbitrary packages via composer on a composer-based install, even if the "enable composer based update" flag in the update settings is unticked. Impact: A low-privileged user of the platform can install malicious code to obtain higher privileges.
8.8
CVE-2025-13827 - GrapesJsBuilder File Upload allows all file uploads
Summary: Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact: If the media folder is not restricted from executing files, this can lead to remote code execution.
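A media-upload endpoint like the one above needs two independent controls: an allowlist on what is accepted, and a web server configuration under which nothing in the media folder executes even if the allowlist is bypassed. The added Python example below (not Mautic or GrapesJS code) implements the first: a strict filename shape, an extension allowlist for raster images, and a magic-byte check so that a PHP file renamed to `.png` is also refused. The allowlist and the sample bytes are assumptions constructed for the example.

```python
"""Allowlist-based upload validation for an image media folder.

Added example; not Mautic/GrapesJS code.
"""
import os
import re

# Extension -> magic prefixes that a genuine file of that type starts with.
# SVG is deliberately absent: it is XML and can carry script, so it needs
# sanitisation rather than a magic check.
ALLOWED_TYPES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}
# One base name, exactly one dot, no path separators or odd characters;
# this also rejects double extensions such as "shell.php.png".
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}$")
MAX_BYTES = 5 * 1024 * 1024


def check_upload(filename: str, content: bytes):
    """Return (accepted, reason) for a candidate upload."""
    if os.path.basename(filename) != filename or not SAFE_NAME.match(filename):
        return False, "unsafe file name"
    ext = filename.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"
    if len(content) > MAX_BYTES:
        return False, "file too large"
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not look like .{ext}"
    return True, "ok"


# Constructed sample payloads.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_BYTES = b"<?php echo 'hello'; ?>"

if __name__ == "__main__":
    for name, data in [("logo.png", PNG_BYTES), ("shell.php", PHP_BYTES),
                       ("shell.png", PHP_BYTES), ("shell.php.png", PNG_BYTES),
                       ("../../shell.png", PNG_BYTES)]:
        print(name, check_upload(name, data))
```

The second control is outside the application: serve the media directory with script execution disabled (for example, no PHP handler mapped for that location and `X-Content-Type-Options: nosniff` on responses), and store uploads under a server-generated name so the original filename never reaches the filesystem.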