348 matches found

Packet Storm News
added 2026/05/22 12:0 a.m., 11 views

Attested Tool-Server Admission: A Security Extension to the Model Context Protocol

The Model Context Protocol (MCP) standardizes how a large-language-model (LLM) agent and an external tool server exchange messages, but not trust: a host reads a server's self-declared tool list and dispatches calls, with no notion of which servers it may use, at what sensitivity, or which of a...

AI score: 5.8
Exploits: 0

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fixed stale direct dispatch state in ddsp_dsq_id. @p->scx.ddsp_dsq_id can be left set (non-SCX_DSQ_INVALID), causing a spurious warning in mark_direct_dispatch() when the next wakeup’s ops.select_cpu() calls scx_bpf_dsq_insert(). For example...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00015
Exploits: 0, References: 1

CNNVD
added 2026/04/28 12:0 a.m., 5 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from incomplete range clearance issues in the trusted proxy authentication mode, which could allow attackers...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00114
Exploits: 0, References: 1

Vulnrichment
added 2026/04/21 5:37 p.m., 0 views

CVE-2026-40599 ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows malicious software to impersonate an Apple...

CVSS: 8.4, AI score: 5.8, EPSS: 0.00015
Exploits: 1, References: 1

EUVD
added 2026/04/21 5:37 p.m., 1 views

EUVD-2026-24209

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows malicious software to impersonate an Apple...

CVSS: 8.4, AI score: 5.8, EPSS: 0.00015
Exploits: 1, References: 1

EUVD
added 2026/03/31 3:13 p.m., 1 views

EUVD-2026-17484

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS: 6.3, AI score: 5.8, EPSS: 0.00006
Exploits: 1, References: 3

CNNVD
added 2026/03/26 12:0 a.m., 2 views

ClearanceKit security vulnerability

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit 4.1 and earlier contained security vulnerabilities; these vulnerabilities stemmed from the failure to intercept seven types of file operation events, which could lead to bypassing file...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 2

NVD
added 2026/03/04 12:16 p.m., 1 views

CVE-2026-3056

The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seraphaccelapi AJAX action with fn=LogClear in all versions up to, and including, 2.28.14. This makes it possible for authenticated attackers, with...

CVSS: 4.3, EPSS: 0.00013
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 7 : kernel-3.10.0-1160.15.2.el7 (AXSA:2021-1471:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1471:03 advisory. kernel: use-after-free in fs/block_dev.c (CVE-2020-15436); kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513). Tenable...

CVSS: 7.2, AI score: 5.7, EPSS: 0.00317
Exploits: 1, References: 4

RedhatCVE
added 2026/01/09 10:51 a.m., 3 views

CVE-2022-42235

A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00224
Exploits: 1, References: 1

CNNVD
added 2025/12/24 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not holding a namespace lock when clearing peer group IDs, which could result in concurrent changes to the mount...

AI score: 6.1, EPSS: 0.00028
Exploits: 0, References: 5

Positive Technologies
added 2025/12/17 12:0 a.m., 3 views

PT-2025-51853

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion, which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs...

CVSS: 3.3, AI score: 6.8, EPSS: 0.00017
Exploits: 0, References: 2

OSV
added 2025/12/08 1:16 a.m., 0 views

CVE-2025-14206

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be...

CVSS: 7.5, AI score: 5.5, EPSS: 0.0015
Exploits: 1, References: 5

Cvelist
added 2025/12/08 12:2 a.m., 31 views

CVE-2025-14206 SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be...

CVSS: 6.9, EPSS: 0.0015
Exploits: 1, References: 5

EUVD
added 2025/12/08 12:2 a.m., 2 views

EUVD-2025-201617

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be...

CVSS: 6.9, AI score: 6.2, EPSS: 0.0015
Exploits: 1, References: 6

Vulnrichment
added 2025/12/08 12:2 a.m., 3 views

CVE-2025-14206 SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be...

CVSS: 6.9, AI score: 6.3, EPSS: 0.0015
Exploits: 1, References: 5

CVE
added 2025/12/08 12:2 a.m., 5 views

CVE-2025-14206

CVE-2025-14206 affects SourceCodester Online Student Clearance System 1.0 in the Fee Table Handler, specifically /Admin/delete-fee.php. Manipulating the ID parameter can lead to improper authorization, with remote exploitation; public exploit details exist. Remediation guidance across connected s...

CVSS: 7.5, AI score: 6.2, EPSS: 0.0015
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2025/12/08 12:0 a.m., 4 views

PT-2025-49420

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student Clearance System version 1.0. Description: A flaw exists in the system that could allow improper authorization. This issue stems from manipulating the ID argument within an unknown function of the file...

CVSS: 7.5, AI score: 6.4, EPSS: 0.0015
Exploits: 1, References: 9

CNNVD
added 2025/12/08 12:0 a.m., 5 views

SourceCodester Online Student Clearance System authorization issue vulnerability

SourceCodester Online Student Clearance System is a SourceCodester open source online student management system. An authorization issue vulnerability exists in version 1.0 of the SourceCodester Online Student Clearance System, which stems from incorrect manipulation of the parameter ID in the fil...

CVSS: 7.5, AI score: 6.4, EPSS: 0.0015
Exploits: 1, References: 6

RedhatCVE
added 2025/11/25 7:7 a.m., 4 views

CVE-2025-13586

A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes SQL injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS: 7.2, AI score: 6.9, EPSS: 0.00026
Exploits: 1, References: 1