31 matches found
EUVD-2026-37812
BBOT: Path traversal Zip-Slip in unarchive module - incomplete fix for CVE-2025-10284...
kiro-cybersecurity-skills
CyberSecurity Skills A collection of 15 security workflows co...
robot
Good all day, my friends, I finally finished the first versio...
sec-recon-agent
sec-recon-agent Type-safe security triage built on Pydantic A...
secscan
Clawed and Dangerous: Can We Trust Open Agentic Systems?
Open agentic systems combine LLM-based planning with external capabilities, persistent memory, and privileged execution. They are used in coding assistants, browser copilots, and enterprise automation. OpenClaw is a visible instance of this broader class. Without much attention yet, their securit...
Targeted Bit-Flip Attacks on LLM-Based Agents
Targeted bit-flip attacks (BFAs) exploit hardware faults to manipulate model parameters, posing a significant security threat. While prior work targets single-step inference models (e.g., image classifiers), LLM-based agents with multi-stage pipelines and external tools present new attack surfaces,...
PT-2026-41180
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.6. Description: A flaw in the chat completion API allows users to bypass tool restrictions, potentially leading to unauthorized actions or access. In the '/api/chat/completions' endpoint, the tool ids and tool...
CVE-2026-1772
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges...
CVE-2026-1772
CVE-2026-1772 concerns the RTU500 web interface, where an unprivileged user can read user management information. The vulnerability does not require UI access and can be exploited via browser developer tools, with no user interaction and network-based access. The CVSS 4.0 vector indicates: AV:N/A...
pentest-scripts
Pentest Scripts - Unified Security Testing Framework 🎯 Qui...
EUVD-2024-3513
Malicious code in bioql PyPI...
Connect Your AI to Everything: Spring AI's MCP Boot Starters
The Model Context Protocol (MCP) standardizes how AI applications interact with external tools and resources. Spring joined the MCP ecosystem early as a key contributor, helping to develop and maintain the official MCP Java SDK that serves as the foundation for Java-based MCP implementations...
Linux Distros Unpatched Vulnerability : CVE-2024-53863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request...
AutoPentest: Enhancing Vulnerability Management with Autonomous LLM Agents
A recent area of increasing research is the use of Large Language Models (LLMs) in penetration testing, which promises to reduce costs and thus allow for higher frequency. We conduct a review of related work, identifying best practices and common evaluation issues. We then present AutoPentest, an...
CVE-2025-0217
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions...
Dynamic Tool Updates in Spring AI's Model Context Protocol
The Model Context Protocol (MCP) is a powerful feature in Spring AI that enables AI models to access external tools and resources through a standardized interface. One interesting capability of MCP is its ability to dynamically update available tools at runtime. This blog post explores how Spring...
USN-7444-1: Synapse vulnerabilities
It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2023-32683) It was discovered that Synapse exposed cached device information. An attacker could possibly use this issue t...
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
Impact: In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands...
DEBIAN-CVE-2024-53863
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...