Browse all 5 CVE security advisories affecting jlowin. AI-powered Chinese analysis, POCs, and references for each vulnerability.
jlowin is a security researcher focused on identifying vulnerabilities in web applications and enterprise systems. Their work primarily centers on uncovering flaws that could lead to remote code execution, cross-site scripting, and privilege escalation vulnerabilities. With five CVEs to their name, jlowin has demonstrated expertise in finding critical weaknesses across multiple platforms. While no major public incidents are directly attributed to their findings, their contributions have helped address significant security gaps in affected systems. Their research consistently highlights common misconfigurations and input validation failures that attackers could exploit to gain unauthorized access or elevate privileges.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27124 | FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities | fastmcp | CWE-441 | 9.1 (AI) | Critical (AI) | 2026-04-03 |
| CVE-2025-64340 | FastMCP has a Command Injection vulnerability - Gemini CLI | fastmcp | CWE-78 | 6.7 | Medium | 2026-04-03 |
| CVE-2025-69196 | FastMCP OAuth Proxy token reuse across MCP servers | fastmcp | CWE-863 | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2025-62801 | FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name | fastmcp | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-10-28 |
| CVE-2025-62800 | FastMCP vulnerable to reflected XSS in client's callback page | fastmcp | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-28 |
This page lists every published CVE security advisory associated with jlowin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.