47 matches found

RedHat Linux
added yesterday, 7 views

Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...

CVSS 10 | AI score 6.7 | EPSS 0.00353
Exploits: 3 | References: 7

GithubExploit
added 2026/05/22 11:19 p.m., 46 views

web-app-security-lab

Vulnerable Web App — Attack & Defend Lab A deliberately-vulne...

AI score 5.8
Exploits: 0

EUVD
added 2026/05/14 4:20 p.m., 3 views

EUVD-2026-30331

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to th...

CVSS 6.5 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/06 8:21 p.m., 3 views

CVE-2026-26015

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local and public deployment can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...

CVSS 10 | AI score 6.7 | EPSS 0.00292
Exploits: 1 | References: 1

Packet Storm News
added 2026/04/07 12:00 a.m., 1 view

LanG -- a Governance-Aware Agentic AI Platform for Unified Security Operations

Modern Security Operations Centers struggle with alert fatigue, fragmented tooling, and limited cross-source event correlation, challenges that current Security Information Event Management and Extended Detection and Response systems only partially address through fragmented tools. This paper...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/02/08 1:21 a.m., 2 views

CVE-2026-25640

A flaw was found in Pydantic AI. A remote attacker can exploit a path traversal vulnerability in the Pydantic AI web UI by crafting a malicious URL. This vulnerability arises from insufficient validation of the version query parameter, allowing the server to fetch and serve attacker-controlled HT...

CVSS 7.1 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 5

CVE
added 2026/02/06 8:01 p.m., 4 views

CVE-2026-25640

Pydantic AI (web UI) is affected by CVE-2026-25640 in versions 1.34.0–1.50.x. The vulnerability stems from insufficient validation of the version query parameter used to build the CDN URL for the frontend, allowing path traversal that can cause the server to fetch and serve attacker-controlled HT...

CVSS 7.1 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/01/13 12:00 a.m., 1 view

Microsoft Windows Admin Center Data Forgery Vulnerability

Microsoft Windows Admin Center is a locally deployed browser-based application from Microsoft USA. The program is primarily used to manage servers, clusters, and more. Microsoft Windows Admin Center is vulnerable to a data forgery issue. An attacker can exploit this vulnerability to elevate...

CVSS 7.5 | AI score 6 | EPSS 0.00046
Exploits: 0 | References: 1

Packet Storm News
added 2025/11/19 12:00 a.m., 6 views

Small Language Models for Phishing Website Detection: Cost, Performance, and Privacy Trade-Offs

Phishing websites pose a major cybersecurity threat, exploiting unsuspecting users and causing significant financial and organisational harm. Traditional machine learning approaches for phishing detection often require extensive feature engineering, continuous retraining, and costly infrastructur...

AI score 6.5
Exploits: 0

Packet Storm News
added 2025/10/11 12:00 a.m., 2 views

Bridging Semantics and Structure for Software Vulnerability Detection Using Hybrid Network Models

Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations as complex interaction networks. Our hybrid framework...

AI score 6.9
Exploits: 0

Cvelist
added 2025/10/06 3:31 p.m., 10 views

CVE-2025-59159 SillyTavern Web Interface Vulnerable to DNS Rebinding

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS rebinding, allowing...

CVSS 9.6 | EPSS 0.00009
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-0069

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.3 | EPSS 0.00168
Exploits: 0 | References: 3

CNVD
added 2025/07/23 12:00 a.m., 8 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A remote code execution vulnerability...

CVSS 9.8 | AI score 8.1 | EPSS 0.88536
Exploits: 41 | References: 1

CNNVD
added 2025/03/20 12:00 a.m., 1 view

Identifier Withdrawn

Ollama is a large language model that can be started and run locally by Ollama Open Source. This CVE number has been withdrawn...

AI score 7.5
Exploits: 0 | References: 1

CNNVD
added 2025/03/18 12:00 a.m., 1 view

yimioa Security Vulnerability

yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in yimioa versions prior to v2024.07.04, which stems from an information leak in the application.yml component...

CVSS 4.2 | AI score 6.4 | EPSS 0.00086
Exploits: 1 | References: 2

CNNVD
added 2025/02/11 12:00 a.m., 1 view

Ivanti CSA OS Command Injection Vulnerability

Ivanti CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. The Ivanti CSA suffers from an OS command injection vulnerability that stems from the application failing to properly filter constructed command special...

CVSS 9.1 | AI score 9.5 | EPSS 0.42105
Exploits: 0 | References: 2

CNNVD
added 2025/01/21 12:00 a.m., 2 views

JetBrains YouTrack Log Information Disclosure Vulnerability

JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a log information disclosure vulnerability that stems from the fact that persistent tokens can be exposed in logs. An attacker can exploit this...

CVSS 5.5 | AI score 5.7 | EPSS 0.00002
Exploits: 0 | References: 2

CNVD
added 2024/12/13 12:00 a.m., 3 views

JetBrains YouTrack Path Traversal Vulnerability

JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...

CVSS 9.8 | AI score 6.6 | EPSS 0.00225
Exploits: 0 | References: 1

CNVD
added 2024/12/13 12:00 a.m., 4 views

JetBrains YouTrack Denial of Service Vulnerability

JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. A denial of service vulnerability exists in JetBrains YouTrack, which can be exploited by an attacker to execute a regular expression resulting in a denial of service...

CVSS 6.5 | AI score 6.3 | EPSS 0.00004
Exploits: 0 | References: 1

CNNVD
added 2024/12/04 12:00 a.m., 1 view

JetBrains YouTrack Security Vulnerability

JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...

CVSS 5.3 | AI score 6.5 | EPSS 0.00005
Exploits: 0 | References: 1