All topics

ai

32 pieces of writing

AReaL PR #1323 refuses the default admin API key on network-facing proxy binds
vulnerability9 min read

AReaL PR #1323 refuses the default admin API key on network-facing proxy binds

AReaL's proxy rollout server used a public default admin API key while binding to a network interface by default. PR #1323 turns that insecure default into a startup failure.

Harbor PR #236 blocks CWE-78 in remote profile downloads
vulnerability7 min read

Harbor PR #236 blocks CWE-78 in remote profile downloads

Softeria ms-365-mcp-server PR #456 validates redirect_uri before Microsoft Entra forwarding
vulnerability7 min read

Softeria ms-365-mcp-server PR #456 validates redirect_uri before Microsoft Entra forwarding

CodeGraphContext PR #882 rejects write Cypher on /api/graph
vulnerability7 min read

CodeGraphContext PR #882 rejects write Cypher on /api/graph

CodeGraphContext's visualisation endpoint accepted arbitrary Cypher through /api/graph and passed it directly to Neo4j. PR #882 adds the missing read-only guard.

vulnerability9 min read

Project NOMAD PR #823: a hardcoded HMAC secret was real, but the fix was incomplete

vulnerability7 min read

checkcle PR #224 moved PocketBase JWTs out of localStorage

mcp-searxng PR #71 fixed a CWE-1333 ReDoS in section extraction
vulnerability7 min read

mcp-searxng PR #71 fixed a CWE-1333 ReDoS in section extraction

mcp-searxng interpolated the user-controlled section parameter into a dynamically built regular expression, allowing a malicious MCP client to block the Node.js event loop.

security10 min read

Vercel breached through a compromised Context.ai OAuth grant

security9 min read

From tj-actions to LiteLLM to MCP: supply chain compromise now operates at infrastructure scale

NVIDIA's RAG Blueprint had a path traversal in its MCP server. We got the fix merged in three days.
vulnerability6 min read

NVIDIA's RAG Blueprint had a path traversal in its MCP server. We got the fix merged in three days.

A CWE-22 path traversal in NVIDIA's RAG Blueprint MCP server allowed any MCP client to read arbitrary files and ingest them into the RAG collection. We submitted the fix and NVIDIA merged it.

full-stack-ai-agent-template's webhook service had a full read SSRF with response exfiltration
vulnerability8 min read

full-stack-ai-agent-template's webhook service had a full read SSRF with response exfiltration

security11 min read

Seven authentication bypasses that keep shipping in 2025 and 2026: the same architectural antipatterns, rewritten in new frameworks

Edict's file:// handler let anyone read files outside the project directory (CWE-22)
vulnerability5 min read

Edict's file:// handler let anyone read files outside the project directory (CWE-22)

The add_remote_skill endpoint in cft0808/edict applied path traversal protection to local and relative paths but skipped the file:// branch entirely. One .resolve() and an allowed_roots check closed the gap.

AIPex's localhost daemon let any website control your browser through a WebSocket
vulnerability5 min read

AIPex's localhost daemon let any website control your browser through a WebSocket

security10 min read

LangFlow, n8n and the pattern where AI configuration becomes code execution