Missing Origin/Host header validation in Google's MCP Toolbox for Databases (Model Context Protocol server) prior to v0.25.0 allows remote attackers to reach the locally-bound HTTP server via DNS rebinding from a victim's browser, abusing the bridge to issue arbitrary tool/database commands. The fix introduces a new --allowed-hosts startup flag (companion to the existing --allowed-origins) that validates inbound Host headers, though both flags retain an insecure-by-default '*' value with only a startup warning. No public exploit identified at time of analysis; the issue was reported internally by Google.
Remote unauthenticated authentication bypass in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux allows any HTTP client to obtain administrator-level access by POSTing arbitrary credentials to /php/ajax-login.php, which unconditionally returns userid=1. Downstream privileged endpoints under /php/ajax-main.php and /modules/* fail to validate a server-side session, exposing full control over fuel dispensers, tank gauges, pricing, POS, bank terminals, and relays. No public exploit identified at time of analysis, but a public reference to a proof-of-concept repository (ciprobe/bukts_auth_bypass) suggests trivially reproducible exploitation against ICS/OT infrastructure.
Divide-by-zero crash in GPAC's MP4Box tool allows denial of service when processing a crafted MP4 file containing a malformed Opus audio track header. The function gf_opus_parse_packet_header() in media_tools/av_parsers.c:11479 fails to validate that nb_frames is non-zero before performing arithmetic (max = header->nb_frames - 1), triggering a SIGFPE along the Opus dump path. A public proof-of-concept file is available, and no authentication or special privileges are required - only the ability to supply a crafted file to the tool. No confirmed active exploitation (not in CISA KEV); impact is limited to process crash with no code execution potential identified.