
13 matches found

Vulnrichment
added 2025/10/20 4:13 p.m., 4 views

CVE-2025-6515 Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses...

6.8 CVSS, 6.5 AI score, 0.00043 EPSS
Exploits 0, References 1

ATTACKERKB
added 2025/10/20 3:29 p.m., 1 view

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID. Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

5.4 AI score, 0.00057 EPSS
Exploits 0, References 8, Affected Software 1

RedhatCVE
added 2024/12/29 2:42 p.m., 15 views

CVE-2024-56571

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

5.5 CVSS, 6.6 AI score
Exploits 0, References 4

Circl
added 2024/01/11 10:22 p.m., 0 views

CVE-2024-20709

creationtimestamp | type | source
---|---|---
2024-01-11 22:22:05+00:00 | seen | https://t.me/ctinow/166872
2024-01-15 14:26:55+00:00 | seen | https://t.me/ctinow/168369
2024-02-03 12:46:30+00:00 | seen | https://t.me/ctinow/178538...

5.5 CVSS, 5.5 AI score, 0.00222 EPSS
Exploits 0, References 3

Talos Blog
added 2023/11/17 1:1 p.m., 29 views

Understanding the Phobos affiliate structure and activity

Cisco Talos recently identified the most prolific Phobos variants, common affiliate tactics, techniques and procedures (TTPs), and characteristics of the Phobos affiliate structure, based on observed Phobos activity and analysis of over 1,000 Phobos samples from VirusTotal dating back to 2019. We...

7.9 AI score
Exploits 0

Code423n4
added 2023/01/27 12:0 a.m., 10 views

In TimeswapV2LiquidityToken.sol and TimeswapV2Token.sol, different positions might be minted to the same id.

Lines of code Vulnerability details Impact In this protocol, all positions should have unique ids to track and update their status. Currently, different positions might be minted to the same id and the main logic for the positions will be broken. Proof of Concept TimeswapV2LiquidityToken.mint set...

6.8 AI score
Exploits 0

OpenVAS
added 2022/07/31 12:0 a.m., 11 views

Fedora: Security Advisory for golang-github-segmentio-ksuid (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 2

Fedora
added 2022/07/17 1:16 a.m., 27 views

[SECURITY] Fedora 35 Update: golang-github-segmentio-ksuid-1.0.4-3.fc35

K-Sortable Globally Unique IDs...

9.3 CVSS, 8.2 AI score, 0.00963 EPSS
Exploits 4

OpenVAS
added 2022/07/14 12:0 a.m., 15 views

Fedora: Security Advisory for golang-github-segmentio-ksuid (FEDORA-2022-ba365d3703)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 8.9 AI score, 0.00182 EPSS
Exploits 1, References 2

Circl
added 2020/12/11 7:35 a.m., 0 views

CVE-2020-25838

creationtimestamp | type | source
---|---|---
2020-12-11 07:35:17+00:00 | seen | https://t.me/cibsecurity/19778
2020-12-11 07:38:16+00:00 | seen | https://t.me/cibsecurity/19798
2020-12-11 08:25:33+00:00 | seen | https://t.me/cibsecurity/19818
2020-12-11 09:25:28+00:00 | seen | https://t.me/cibsecurity/198...

6.5 CVSS, 6.4 AI score, 0.00288 EPSS
Exploits 0, References 20

Schneier on Security
added 2020/02/12 4:26 p.m., 33 views

Companies that Scrape Your Email

Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson...

2.4 AI score
Exploits 0

ThreatPost
added 2019/04/22 8:40 p.m., 36 views

Is Privacy Really iPhone? Researchers Weigh in on Apple's Targeted Ad Tracking

Apple has a consistent track record of implementing privacy controls, which it has been touting via a series of saturating “Privacy? That’s iPhone” television ads. Yet, though it may be deservedly capitalizing on the increasing privacy-consciousness of consumers out there and the negative headlin...

6.3 AI score
Exploits 0, References 10

Hacker One
added 2017/08/09 8:52 p.m., 12 views

U.S. Dept Of Defense: Gateway information leakage

Summary: Many DoD systems use BlueCoat gateways. These gateways insert unique BlueCoat ids that permit tracking DoD users and gaining insight into the DoD network architecture when DoD users access the Internet. Description: I run a popular web service FotoForensics.com -- it's around 150,000 in...

7.1 AI score
Exploits 0