security

42 pieces of writing

Softeria ms-365-mcp-server PR #456 validates redirect_uri before Microsoft Entra forwarding
vulnerability · 7 min read

Softeria's ms-365-mcp-server forwarded client-supplied OAuth redirect_uri values to Microsoft Entra without local validation. PR #456 adds scheme checks, loopback-only HTTP defaults and an exact-match allowlist for hosted deployments.
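The kind of check the card above describes, as an added example that is not Softeria's code and not taken from PR #456. The function names, the LOOPBACK_HOSTS set and the two-mode policy (loopback-only when no allowlist is configured, exact match against a canonicalised allowlist for hosted deployments) are assumptions for illustration; the real PR's policy may differ in detail.

```javascript
// Added example (not Softeria's code): validate a client-supplied OAuth redirect_uri
// before the server forwards it to the identity provider. Function names, the
// LOOPBACK_HOSTS set and the two-mode policy are assumptions for illustration.

// Hosts that RFC 8252 treats as loopback for native-app redirects. Node's WHATWG
// URL keeps the brackets on IPv6 hostnames, hence "[::1]".
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Canonicalise the allowlist once at startup. Parsing both sides through URL means
// the later exact comparison is between normalised forms (lower-cased host,
// resolved "..", default port dropped) rather than raw strings.
function buildAllowlist(entries) {
  return new Set(entries.map((e) => new URL(e).href));
}

/**
 * Returns { ok: true, uri } with the canonical URI to forward, or
 * { ok: false, reason } describing why the value was rejected.
 *
 * Policy (assumed for this example):
 *  - only http: and https: are ever accepted; no custom or javascript: schemes
 *  - userinfo and fragments are rejected outright
 *  - hosted mode (allowlist non-empty): exact match against the canonical allowlist,
 *    no prefix, wildcard or subdomain matching, and no loopback fallback
 *  - default mode (allowlist empty): loopback hosts only, so a local MCP server
 *    cannot be turned into an open redirect to an attacker-chosen origin
 */
function validateRedirectUri(raw, allowlist = new Set()) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "redirect_uri missing" };
  }
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "redirect_uri is not an absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo not allowed in redirect_uri" };
  }
  if (url.hash) {
    return { ok: false, reason: "fragment not allowed in redirect_uri" };
  }
  if (allowlist.size > 0) {
    return allowlist.has(url.href)
      ? { ok: true, uri: url.href }
      : { ok: false, reason: "redirect_uri not in allowlist" };
  }
  if (!LOOPBACK_HOSTS.has(url.hostname)) {
    return { ok: false, reason: `non-loopback host ${url.hostname} requires an allowlist` };
  }
  return { ok: true, uri: url.href };
}

// Constructed inputs showing each decision; the hostnames are made up for the demo.
function demoRedirect() {
  const hosted = buildAllowlist(["https://mcp.example.com/oauth/callback"]);
  return [
    validateRedirectUri("http://localhost:3000/callback"),                        // ok (loopback)
    validateRedirectUri("http://attacker.example/cb"),                            // rejected: not loopback
    validateRedirectUri("javascript:alert(1)"),                                   // rejected: scheme
    validateRedirectUri("https://MCP.example.com/oauth/callback", hosted),        // ok: host case-folded
    validateRedirectUri("https://mcp.example.com/oauth/callback?next=x", hosted), // rejected: not exact
    validateRedirectUri("https://mcp.example.com/oauth/../evil", hosted),         // rejected: normalised path
    validateRedirectUri("http://localhost:3000/callback", hosted),                // rejected: no loopback fallback
  ];
}
```

Comparing `url.href` against a canonicalised allowlist is what makes the match exact: a trailing query, a `..` segment, a look-alike host such as `mcp.example.com.attacker.example` or a different port all serialise to a different string and are refused, while case differences in the host are folded before comparison rather than treated as a mismatch.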

CodeGraphContext PR #882 rejects write Cypher on /api/graph
vulnerability · 7 min read

Tabby PR #11228 requires HTTPS for config sync after YAML profiles reached command execution
security · 7 min read

Koodo Reader PR #1598 replaced wildcard CORS with an ALLOWED_ORIGINS allowlist
vulnerability · 8 min read

Koodo Reader's optional HTTP server advertised Access-Control-Allow-Origin: * with credentials enabled. PR #1598 removes the wildcard, rejects untrusted cross-origin requests and adds an ALLOWED_ORIGINS allowlist.
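The before-and-after described in the Koodo Reader card, as an added example that is not the project's code or PR #1598. The helper names (`parseAllowedOrigins`, `corsHeadersFor`), the comma-separated ALLOWED_ORIGINS format and the preflight header set are assumptions for illustration.

```javascript
// Added example (not Koodo Reader's code): replace a wildcard CORS policy with an
// exact-match origin allowlist read from an ALLOWED_ORIGINS-style setting.
// The helper names, the setting format and the preflight headers are assumptions.

// The weak configuration the card describes: every origin is allowed and
// credentials are enabled, so any page the browser visits can drive the local
// server with the user's session. Kept here only as the "before".
function wildcardCorsHeaders() {
  return {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
  };
}

// Parse "https://app.example.com, http://localhost:3000" into a Set of canonical
// origins. Each entry goes through URL so that host case, default ports and a
// stray trailing slash are normalised, and anything that is not a bare
// scheme://host[:port] origin (wildcards, paths, opaque origins) fails at startup
// instead of silently matching nothing at request time.
function parseAllowedOrigins(setting) {
  const origins = new Set();
  for (const raw of String(setting || "").split(",")) {
    const entry = raw.trim();
    if (!entry) continue;
    if (entry.includes("*")) {
      throw new Error(`wildcard entries are not allowed in ALLOWED_ORIGINS: ${entry}`);
    }
    let url;
    try {
      url = new URL(entry);
    } catch {
      throw new Error(`invalid origin in ALLOWED_ORIGINS: ${entry}`);
    }
    if (url.origin === "null" || url.pathname !== "/" || url.search || url.hash) {
      throw new Error(`entry must be a bare origin (scheme://host[:port]): ${entry}`);
    }
    origins.add(url.origin);
  }
  return origins;
}

// Compute the CORS headers for one request.
//  - no Origin header: same-origin or non-browser client, nothing to add
//  - Origin present but not allowlisted (including the opaque "null" origin):
//    return null so the caller answers with no Access-Control-* headers at all
//    and the browser blocks the response; the origin is never reflected back
//  - allowlisted: echo that exact origin, allow credentials, and set Vary: Origin
//    so shared caches do not serve one origin's response to another
// Browsers send Origin already canonicalised, so exact string comparison against
// the canonical allowlist is correct and avoids a second, divergent parser.
function corsHeadersFor(requestOrigin, allowedOrigins, { preflight = false } = {}) {
  if (requestOrigin === undefined || requestOrigin === null) return {};
  if (requestOrigin === "null" || !allowedOrigins.has(requestOrigin)) return null;
  const headers = {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
  if (preflight) {
    headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE";
    headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed inputs exercising the policy; the origins are made up for the demo.
function demoCors() {
  const allowed = parseAllowedOrigins("https://reader.example.com, http://localhost:3000/");
  return {
    allowedCount: allowed.size,
    trusted: corsHeadersFor("https://reader.example.com", allowed),
    localDev: corsHeadersFor("http://localhost:3000", allowed, { preflight: true }),
    attacker: corsHeadersFor("https://evil.example", allowed),
    subdomainTrick: corsHeadersFor("https://reader.example.com.evil.example", allowed),
    opaque: corsHeadersFor("null", allowed),
    noOrigin: corsHeadersFor(undefined, allowed),
  };
}
```

Returning `null` rather than a permissive fallback is the point of the allowlist: an untrusted origin gets a response with no CORS headers at all, which the browser withholds from the calling script. Reflecting whatever `Origin` arrived, with credentials enabled, would be as permissive as the wildcard it replaced.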

checkcle PR #224 moved PocketBase JWTs out of localStorage
vulnerability · 7 min read

mcp-searxng PR #71 fixed a CWE-1333 ReDoS in section extraction
vulnerability · 7 min read

Checkmarx KICS, npm Bitwarden CLI and GlassWorm show developer trust is the supply chain target
security · 14 min read

Checkmarx KICS, npm Bitwarden CLI packages and GlassWorm show how supply chain compromise has moved from poisoned code to weaponised developer trust.

Vercel breached through a compromised Context.ai OAuth grant
security · 10 min read

From tj-actions to LiteLLM to MCP: supply chain compromise now operates at infrastructure scale
security · 9 min read

NPM worms, credential harvesting and 2 billion weekly downloads: supply-chain attacks have professionalised
security · 9 min read

Supply-chain compromise is no longer opportunistic. Self-replicating NPM worms, coordinated developer phishing and credential-harvesting pipelines show an attack class that has industrialised faster than the defences meant to contain it.

NVIDIA's RAG Blueprint had a path traversal in its MCP server. We got the fix merged in three days.
vulnerability · 6 min read

full-stack-ai-agent-template's webhook service had a full read SSRF with response exfiltration
vulnerability · 8 min read

Seven authentication bypasses that keep shipping in 2025 and 2026: the same architectural antipatterns, rewritten in new frameworks
security · 11 min read

Modern frameworks keep reimplementing the same seven authentication bypass patterns. From hardcoded credentials to missing origin checks, the bugs are structural, not accidental, and the AI tooling boom is accelerating the cycle.

Edict's file:// handler let anyone read files outside the project directory (CWE-22)
vulnerability · 5 min read

AIPex's localhost daemon let any website control your browser through a WebSocket
vulnerability · 5 min read