Team off-course

2 exploits Active since Dec 2025
CVE-2025-65512 WRITEUP HIGH WRITEUP
markdownify_mcp_server < 0.0.2 - Server-Side Request Forgery via Webpage-to-Markdown Conversion
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to internal network services.
CVSS 7.5
CVE-2025-65513 WRITEUP HIGH WRITEUP
fetch_mcp_server < 1.0.2 - Server-Side Request Forgery via Private IP Validation Bypass
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.
CVSS 7.5