security

55 pieces of writing

Tabby PR #11228 requires HTTPS for config sync after YAML profiles reached command execution
security, 7 min read

PR #11228 in Eugeny/tabby blocks cleartext config sync because a tampered YAML response could inject terminal profiles that later execute commands.

Koodo Reader PR #1598 replaced wildcard CORS with an ALLOWED_ORIGINS allowlist
vulnerability, 8 min read

checkcle PR #224 moved PocketBase JWTs out of localStorage
vulnerability, 7 min read

mcp-searxng PR #71 fixed a CWE-1333 ReDoS in section extraction
vulnerability, 7 min read

mcp-searxng interpolated the user-controlled section parameter into a dynamically built regular expression, allowing a malicious MCP client to block the Node.js event loop.

Checkmarx KICS, npm Bitwarden CLI and GlassWorm show developer trust is the supply chain target
security, 14 min read

Vercel breached through a compromised Context.ai OAuth grant
security, 10 min read

From tj-actions to LiteLLM to MCP: supply chain compromise now operates at infrastructure scale
security, 9 min read

Eighteen months of supply chain attacks against AI infrastructure reveal a structural pattern: the build pipeline, the package registry and the runtime protocol all share the same trust model failure.

NPM worms, credential harvesting and 2 billion weekly downloads: supply-chain attacks have professionalised
security, 9 min read

NVIDIA's RAG Blueprint had a path traversal in its MCP server. We got the fix merged in three days.
vulnerability, 6 min read

full-stack-ai-agent-template's webhook service had a full read SSRF with response exfiltration
vulnerability, 8 min read

The webhook service in vstorm-co's full-stack-ai-agent-template accepted arbitrary URLs and stored HTTP responses in the database, creating a full read SSRF that could exfiltrate cloud metadata credentials. The fix adds DNS-aware URL validation at every code path.

Seven authentication bypasses that keep shipping in 2025 and 2026: the same architectural antipatterns, rewritten in new frameworks
security, 11 min read

Edict's file:// handler let anyone read files outside the project directory (CWE-22)
vulnerability, 5 min read

AIPex's localhost daemon let any website control your browser through a WebSocket
vulnerability, 5 min read

AIPex's MCP daemon on 127.0.0.1:9223 accepted WebSocket connections from any origin, letting malicious web pages invoke 30+ browser automation tools. A 39-line fix adds origin validation at the single upgrade handler.

LangFlow, n8n and the pattern where AI configuration becomes code execution
security, 10 min read

Anthropic shipped its entire source code to npm and the internet kept it forever
security, 10 min read