MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
User input is interpolated directly into a Stata command string without sanitization, allowing command injection attacks
4 CRIT · 1 HIGH · 1 INFO · THREAT RED · 6 items · Generated in 220s
MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration; a privilege escalation attack is possible
vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model
HTTP requests can be executed without authentication
MCP token holder can read any file in shared storage, including attachments from other bases and workspaces
Claude Fable is using Python to iterate through all available windows on the machine, potentially accessing sensitive information