EDK2 安全漏洞

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from improper input validation and could lead to arbitrary command execution...

PT-2025-50131

Name of the Vulnerable Software and Affected Versions DNG SDK versions 1.7.0 and earlier Description The DNG SDK is affected by an Integer Overflow or Wraparound issue. Successful exploitation could lead to arbitrary code execution with the privileges of the current user. User interaction is...

PT-2025-50132

Name of the Vulnerable Software and Affected Versions DNG SDK versions 1.7.0 and earlier Description The DNG SDK is affected by a Heap-based Buffer Overflow that may result in memory exposure or application denial of service. An attacker could exploit this issue to disclose sensitive memory...

PT-2025-50276

Name of the Vulnerable Software and Affected Versions @vitejs/plugin-rs versions 0.5.5 and below Description The @vitejs/plugin-rs software, which provides React Server Components RSC support for Vite, contains a flaw that could allow for arbitrary remote code execution on the development server...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1297)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1297 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 In the Linux kernel, the following...

GHSA-J76J-5P5G-9WFR @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

Summary Arbitrary Remote Code Execution on development server via unsafe dynamic imports in @vitejs/plugin-rsc server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC applications that expose server function endpoints. Impact Attackers with network access to the...

Arbitrary Code Injection

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe dynamic imports in the loadServerAction, decodeReply, and decodeAction server APIs. An attacker can execute arbitrary JavaScript...

@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

Summary Arbitrary Remote Code Execution on development server via unsafe dynamic imports in @vitejs/plugin-rsc server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC applications that expose server function endpoints. Impact Attackers with network access to the...

Researcher Uncovers 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence AI-powered Integrated Development Environments IDEs that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been...

EUVD-2025-201493

A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...

Development files shipped in files_pdfviewer app

None...

poc-miyabi

poc-miyab...

📄 Visual Studio 1.39.0 Remote Debugger

Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...

RHSA-2025:22672 Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk security update

Bulletin has no description...

[SECURITY] Fedora 43 Update: ubertooth-2020.12.R1-24.fc43

Project Ubertooth is an open source wireless development platform suitable for Bluetooth experimentation. Ubertooth ships with a capable BLE Bluetooth Smart sniffer and can sniff some data from Basic Rate BR Bluetooth Classic connections...

RHEL 10 : java-21-ibm-semeru-certified-jdk (RHSA-2025:22672)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22672 advisory. The IBM Semeru Runtime Certified Edition 21 runtime environment. Security Fixes: openjdk: Enhance Path Factories Oracle CPU 2025-10...

CVE-2025-66414 DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

How to build forward-thinking cybersecurity teams for tomorrow

We are witnessing something unprecedented in cybersecurity: the democratization of advanced cyberattack capabilities. What once required nation-state resources sophisticated social engineering, polymorphic malware, coordinated infrastructure now fits in a prompt window. AI is no longer a futurist...

GHSA-9H52-P55H-VW2F Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

Description The Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...

CVE-2025-41700

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...