Archive
61 pieces of security research, engineering and field notes.
AReaL's proxy rollout server used a public default admin API key while binding to a network interface by default. PR #1323 turns that insecure default into a startup failure.
Harbor accepted remotely downloaded profile values that could later be expanded through eval, allowing command injection through a configuration import path. PR #236 adds validation before remote profiles are installed.
Softeria's ms-365-mcp-server forwarded client-supplied OAuth redirect_uri values to Microsoft Entra without local validation. PR #456 adds scheme checks, loopback-only HTTP defaults and an exact-match allowlist for hosted deployments.
CodeGraphContext's visualisation endpoint accepted arbitrary Cypher through /api/graph and passed it directly to Neo4j. PR #882 adds the missing read-only guard.
PR #11228 in Eugeny/tabby blocks cleartext config sync because a tampered YAML response could inject terminal profiles that later execute commands.
mcp-searxng interpolated the user-controlled section parameter into a dynamically built regular expression, allowing a malicious MCP client to block the Node.js event loop.
Checkmarx KICS, npm Bitwarden CLI packages and GlassWorm show how supply chain compromise has moved from poisoned code to weaponised developer trust.
A compromised AI productivity tool called Context.ai gave attackers OAuth access to a Vercel employee's Google Workspace, pivoting into internal systems. The AI tool supply chain is the new CI/CD supply chain.
Eighteen months of supply chain attacks against AI infrastructure reveal a structural pattern: the build pipeline, the package registry and the runtime protocol all share the same trust model failure.
A CWE-22 path traversal in NVIDIA's RAG Blueprint MCP server allowed any MCP client to read arbitrary files and ingest them into the RAG collection. We submitted the fix and NVIDIA merged it.
Modern frameworks keep reimplementing the same seven authentication bypass patterns. From hardcoded credentials to missing origin checks, the bugs are structural, not accidental, and the AI tooling boom is accelerating the cycle.
CVE-2025-10492, a CVSS 9.8 Java deserialisation flaw in the JasperReports component of Hitachi Energy Ellipse, enables unauthenticated RCE on critical manufacturing systems. No patch exists for the community edition of the underlying library.
