24h | 7d | 30d

CVE-2026-43033

Overview

  • Linux
  • Linux
01 May 2026
Published
03 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied from the source. However, the data to be hashed need to be rearranged accordingly. Thanks,

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Linux kernel LPE & DoS vulnerabilities (CVE-2026-31431 / CVE-2026-43033) affect #Debian 11 Bullseye. Detection commands, full fix script, and temporary mitigations inside. Update to kernel 5.10.251-3. 🛡️ Full guide & script Read more- > tinyurl.com/yfpvfpa8 #Security
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-7446

Overview

  • VetCoders
  • mcp-server-semgrep
30 Apr 2026
Published
30 Apr 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.85%
KEV

Description

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 1.0.1 is able to mitigate this issue. The patch is identified as 141335da044e53c3f5b315e0386e01238405b771. It is advisable to upgrade the affected component.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Vito Botta @vitobotta

Command injection in MCP servers. Not surprised. CVE-2026-7446 hits mcp-server-semgrep, and CVE-2026-7416 hits xcode-mcp-server.

Both let remote attackers inject OS commands with no auth needed. The attack surface on MCP servers keeps growing, and most of these community-built tools were never designed with security in mind. mcp-server-semgrep has a fix in v1.0.1, but who's checking their MCP server versions? Nobody. That's the problem.

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-7416

Overview

  • PolarVista
  • xcode-mcp-server
29 Apr 2026
Published
30 Apr 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.20%
KEV

Description

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Vito Botta @vitobotta

Command injection in MCP servers. Not surprised. CVE-2026-7446 hits mcp-server-semgrep, and CVE-2026-7416 hits xcode-mcp-server.

Both let remote attackers inject OS commands with no auth needed. The attack surface on MCP servers keeps growing, and most of these community-built tools were never designed with security in mind. mcp-server-semgrep has a fix in v1.0.1, but who's checking their MCP server versions? Nobody. That's the problem.

nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 0
  • 12h ago
Showing 21 to 23 of 23 CVEs