Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-14)

Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492. Affected Versions: 8.x: All versio...

CVE-2026-27887

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

EUVD-2026-8796

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

ZITADEL 安全漏洞

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed for the era of containers and serverless environments by ZITADEL in Switzerland. There were security vulnerabilities in versions of ZITADEL between 2.31.0 and 3.4.7, as well as in version...

refinance-poc

Refi-Ready POC This project is a Proof-of-Concept for a serve...

Exploit for CVE-2025-69256

hi CTT-Serverless-RCE-v1.0---Convergent-Time-Theory-Enhanced-MC...

Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements

Release of OpenShift Serverless Logic 1.36.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Why Serverless Risk Demands Identity-Aware Security at Cloud Scale

Key Takeaways Serverless shifts security risk from infrastructure to identity, permissions, and configuration, where small design choices can have an outsized impact. Short-lived cloud credentials reduce persistence but remain powerful; when exposed, they enable authenticated access, escalation,...

PoC-Apisix

PoC-Apisix RCE via serverless-pre-function plugin when Admi...

Command Injection

Serverless Framework is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed to childprocess.exec in the experimental MCP server feature, which allows an attacker to inject shell metacharacters and execute arbitrary system commands with the privileges o...

CVE-2025-69256

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

EUVD-2025-205851

serverless MCP Server vulnerable to Command Injection in list-projects tool...

GHSA-RWC2-F344-Q6W6 serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

CVE-2025-69256

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

CVE-2025-69256

CVE-2025-69256 : The Serverless Framework MCP Server vulnerability enables command injection via unsanitized user input in the list-projects tool. The issue arises when building shell commands with workspaceRoots (user-controlled) and calling child_process.exec without proper sanitization, allowi...

CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

PT-2025-54216

Name of the Vulnerable Software and Affected Versions Serverless Framework versions 4.29.0 through 4.29.2 Description The Serverless Framework includes a command injection issue within the built-in MCP server package @serverless/mcp. This affects users utilizing the experimental MCP server featur...