CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49596 – MCP Inspector proxy server lacks authentication between the Inspector client and proxy
https://notcve.org/view.php?id=CVE-2025-49596
13 Jun 2025 — The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. • https://github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-27383
https://notcve.org/view.php?id=CVE-2023-27383
14 Nov 2023 — Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access. La falla del mecanismo de protección en algunos software Intel(R) oneAPI HPC Toolkit 2023.1 e Intel(R)MPI Library anteriores a la versión 2021.9 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso adyacente. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00841.html • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-24592
https://notcve.org/view.php?id=CVE-2023-24592
14 Nov 2023 — Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. Path Traversal en algunos software Intel(R) oneAPI Toolkits and Component anteriores a la versión 2023.1 puede permitir que el usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00841.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2023-22355
https://notcve.org/view.php?id=CVE-2023-22355
10 May 2023 — Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15022
https://notcve.org/view.php?id=CVE-2019-15022
09 Oct 2019 — A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. Se presenta una vulnerabilidad de seguridad en Zingbox Inspector versiones 1.294 y anteriores, que permite que el Inspector sea susceptible a la falsificación de ARP. • https://security.paloaltonetworks.com/CVE-2019-15022 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-15020
https://notcve.org/view.php?id=CVE-2019-15020
09 Oct 2019 — A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspector that could result in command injection. Se presenta una vulnerabilidad de seguridad en Zingbox Inspector, versiones 1.293 y anteriores, que podría permitir a un atacante suministrar una imagen de actualización de software no válida al Zingbox Inspector que podría resultar en la inyección de comandos. • https://security.paloaltonetworks.com/CVE-2019-15020 • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15016
https://notcve.org/view.php?id=CVE-2019-15016
09 Oct 2019 — An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. Se presenta una vulnerabilidad de inyección SQL en la interfaz de administración de Zingbox Inspector versiones 1.288 y anteriores, lo que permite que los datos no saneados provistos por un usuario autenticado sean pasados desde la interfaz de usuario web hacia la base de datos. • https://security.paloaltonetworks.com/CVE-2019-15016 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-1584
https://notcve.org/view.php?id=CVE-2019-1584
09 Oct 2019 — A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. Se presenta una vulnerabilidad de seguridad en Zingbox Inspector versión 1.293 y anteriores, que permite la ejecución de código remota si el Inspector recibió un comando malicioso desde la nube de Zingbox, o si el Zingbox Inspector ... • https://security.paloaltonetworks.com/CVE-2019-1584 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15021
https://notcve.org/view.php?id=CVE-2019-15021
09 Oct 2019 — A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network. Se presenta una vulnerabilidad de seguridad en Zingbox Inspector, versiones 1.294 y anteriores, que puede permitir a un atacante identificar fácilmente instancias de Zingbox Inspectors en una red de área local. • https://security.paloaltonetworks.com/CVE-2019-15021 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15018
https://notcve.org/view.php?id=CVE-2019-15018
09 Oct 2019 — A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. Se presenta una vulnerabilidad de seguridad en Zingbox Inspector versiones 1.280 y anteriores, donde no se requiere autenticación cuando se vincula la instancia de Inspector a un inquilino cliente diferente. • https://security.paloaltonetworks.com/CVE-2019-15018 • CWE-306: Missing Authentication for Critical Function •