Search Results (4 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14702 1 Zcaceres 1 Markdownify-mcp 2026-07-05 2.5 Low
A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
CVE-2026-14699 1 Zcaceres 1 Markdownify-mcp 2026-07-05 3.3 Low
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.
CVE-2025-65512 1 Zcaceres 1 Markdownify Mcp Server 2026-01-02 7.5 High
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to internal network services.
CVE-2025-65513 1 Zcaceres 1 Fetch Mcp Server 2026-01-02 7.5 High
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to bypass private IP validation and access internal network resources.