📄 Visual Studio 1.39.0 Remote Debugger

Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...

RHSA-2025:22672 Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk security update

Bulletin has no description...

[SECURITY] Fedora 43 Update: ubertooth-2020.12.R1-24.fc43

Project Ubertooth is an open source wireless development platform suitable for Bluetooth experimentation. Ubertooth ships with a capable BLE Bluetooth Smart sniffer and can sniff some data from Basic Rate BR Bluetooth Classic connections...

RHEL 10 : java-21-ibm-semeru-certified-jdk (RHSA-2025:22672)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22672 advisory. The IBM Semeru Runtime Certified Edition 21 runtime environment. Security Fixes: openjdk: Enhance Path Factories Oracle CPU 2025-10...

CVE-2025-66414 DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...

How to build forward-thinking cybersecurity teams for tomorrow

We are witnessing something unprecedented in cybersecurity: the democratization of advanced cyberattack capabilities. What once required nation-state resources sophisticated social engineering, polymorphic malware, coordinated infrastructure now fits in a prompt window. AI is no longer a futurist...

GHSA-9H52-P55H-VW2F Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

Description The Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...

CVE-2025-41700

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...

AMS Development GAMS 安全漏洞

AMS Development GAMS is an algebraic modeling system from AMS Development India. AMS Development GAMS suffers from a security vulnerability that stems from checksums and the use of insecure algorithms that could lead to the generation of an unlimited valid license...

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A buffer error vulnerability exists in ESP-IDF versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which stems from insufficient validation of the buffer length when AVR...

The Developer's Newest Bug: Speed

The Developer's Newest Bug: Speed By Tola Olawale · December 2, 2025 Artificial intelligence AI has unequivocally entered its “main character” era, moving from a niche tool to a universal creator. This massive shift has given rise to "vibe coding ": the practice of using AI to generate functional...

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...

EUVD-2025-200042

Malicious code in solana-dev-mcp npm...

CVE-2025-41700

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...

CVE-2025-41700 CODESYS Development System - Deserialization of Untrusted Data

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...

CVE-2025-41700

The CVE-2025-41700 entry concerns CODESYS Development System. The connected sources describe a vulnerability where an unauthenticated attacker can cause arbitrary code execution by tricking a local user into opening a specially crafted CODESYS project file, with code executed in the user’s contex...

CVE-2025-41700 CODESYS Development System - Deserialization of Untrusted Data

An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context...

Exploit for Out-of-bounds Read in Openssl

--- Cybersecurity Labs Portfolio This repository contain...

CODESYS Development System 代码问题漏洞

CODESYS Development System is a suite of programming tools for use in the field of industrial controllers and automation technology from CODESYS, Germany. A code issue vulnerability exists in CODESYS Development System, which can be exploited by an unauthenticated attacker to trick a local user...

libcoap-devel-4.3.5a-1.1 on GA media (moderate)

libcoap-devel-4.3.5a-1.1 on GA media Announcement ID: openSUSE-SU-2025:15780-1 Rating: moderate Cross-References: CVE-2025-65493 CVE-2025-65494 CVE-2025-65495 CVE-2025-65496 CVE-2025-65497 CVE-2025-65498 CVE-2025-65499 CVE-2025-65500 CVE-2025-65501 Affected Products: openSUSE Tumbleweed An update...