67 matches found

NVD
added 6 days ago, 8 views

CVE-2026-45555

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

7.8 CVSS | 0.00023 EPSS
Exploits: 0 | References: 1

EUVD
added 6 days ago, 5 views

EUVD-2026-33302

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

7.8 CVSS | 6.4 AI score | 0.00023 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 6 days ago, 4 views

PT-2026-44846

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get diagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or use...

7.8 CVSS | 6.4 AI score | 0.00023 EPSS
Exploits: 0 | References: 2

Packet Storm News
added 2026/05/08 12:00 a.m., 3 views

Can I Check What I Designed? Mapping Security Design DSLs to Code Analyzers

When assessing the potential impact of code-level vulnerabilities, e.g., discovered by automated analyzers, it is essential to consider them in the context of the system's security design. However, this is a challenging task due to the abstraction gap between security design, often specified usin...

5.7 AI score
Exploits: 0

Packet Storm News
added 2026/04/27 12:00 a.m., 2 views

SNF - Shadow Network Fingerprinting Engine

SNF Shadow Network Fingerprinting Engine is a 100% offline, air-gap-native passive network intelligence engine written entirely in Rust. It was designed from the ground up for environments where outbound connectivity is not just unavailable but prohibited: classified defense networks, nuclear...

5.3 AI score
Exploits: 0

Packet Storm News
added 2026/04/18 12:00 a.m., 4 views

False Security Confidence in Benign LLM Code Generation

Prior work has demonstrated that functionally correct yet vulnerable outputs arise systematically in threat-oriented settings, where adversarial or implicit channels are used to induce security failures in code agents and automated patching workflows. This note introduces a complementary but...

5.8 AI score
Exploits: 0

Packet Storm News
added 2026/02/20 12:00 a.m., 2 views

Many Tools, Few Exploitable Vulnerabilities: A Survey of 246 Static Code Analyzers for Security

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses or application domains, no overview of the entire securit...

6 AI score
Exploits: 0

EUVD
added 2026/01/02 3:22 p.m., 1 view

EUVD-2025-206138

Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints...

5.3 CVSS | 6 AI score | 0.00015 EPSS
Exploits: 1 | References: 4

CVE
added 2026/01/01 6:21 p.m., 19 views

CVE-2025-68273

Summary: CVE-2025-68273 affects Signal K Server prior to version 2.19.0, exposing unauthenticated information via exposed endpoints and enabling information disclosure of the vessel data schema, connected serial devices, and analyzer tools. The root cause is missing authentication protection for ...

5.3 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/12/18 12:40 p.m., 5 views

CVE-2025-14097

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through othe...

8.4 CVSS | 7.7 AI score | 0.00273 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/18 12:40 p.m., 6 views

CVE-2025-14096

A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system. Other related CVE's ar...

8.4 CVSS | 6.7 AI score | 0.00273 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/12/17 3:34 p.m., 2 views

EUVD-2025-203889

A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system. Other related CVE's ar...

8.4 CVSS | 6.2 AI score | 0.00273 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/17 12:00 a.m., 2 views

PT-2025-51827

Name of the Vulnerable Software and Affected Versions Radiometer products affected versions not specified Description A security issue exists in multiple Radiometer products that could allow an attacker with physical access to the analyzer to obtain credential information. The vulnerability is du...

8.4 CVSS | 6 AI score | 0.00018 EPSS
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-29364

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0 | References: 3

CNNVD
added 2025/09/02 12:00 a.m., 1 view

Anritsu ShockLine Code Issue Vulnerability

Anritsu ShockLine is a series of vector network analyzers from Anritsu Japan. A code issue vulnerability exists in Anritsu ShockLine that stems from insufficient validation of CHX file parsing data, which could lead to remote code execution...

7.8 CVSS | 7.9 AI score | 0.00491 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/06/15 5:19 p.m., 2 views

CVE-2025-49582

XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are...

8.6 CVSS | 7.3 AI score | 0.01311 EPSS
Exploits: 1 | References: 1

GitHub Security Blog
added 2025/06/13 8:38 p.m., 13 views

XWiki's required right warnings for macros are incomplete

Impact When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are incomplete, allowing an...

8.6 CVSS | 7.2 AI score | 0.01311 EPSS
Exploits: 1 | References: 11 | Affected Software: 4

NVD
added 2025/06/13 5:15 p.m., 10 views

CVE-2025-49582

XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are...

8.6 CVSS | 0.01311 EPSS
Exploits: 1 | References: 9

Vulnrichment
added 2025/06/13 4:41 p.m., 6 views

CVE-2025-49582 XWiki's required right warnings for macros are incomplete

XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are...

8.6 CVSS | 7.4 AI score | 0.01311 EPSS
Exploits: 1 | References: 9

OSV
added 2025/06/13 4:41 p.m., 3 views

CVE-2025-49582 XWiki's required right warnings for macros are incomplete

XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are...

8.6 CVSS | 7.8 AI score | 0.01311 EPSS
Exploits: 1 | References: 11