5 CRIT · 1 HIGH · 1 INFO · THREAT RED · 7 items · Generated in 241s
Unauthenticated HTTP requests can execute MCP tools without authentication
vLLM API auth bypass allows unauthorized access
vLLM's activation function loading allows arbitrary code execution on the server by publishing a malicious HuggingFace model
LangChain components can disclose files outside intended boundary if path values or search patterns come from untrusted sources
unauthenticated browser-control sessions can be established without any authentication
vulnerable to host header injection, allowing unauthenticated access to protected routes
Claude Fable is using Python to iterate through all available windows on the machine, potentially accessing sensitive information