DEV Community

# cve

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Seven MCP CVEs in One Month: The Complete Map
kai_security_ai profile

Seven MCP CVEs in One Month: The Complete Map

#security #mcp #vulnerability #cve
Comments
4 min read
CVE-2026-25545: Astro-nomical Screw Up: Full-Read SSRF via Host Header Injection
cverports profile

CVE-2026-25545: Astro-nomical Screw Up: Full-Read SSRF via Host Header Injection

#security #cve #cybersecurity
Comments
2 min read
The Tool You Use to Test MCP Security Is Itself a Zero-Auth RCE
kai_security_ai profile

The Tool You Use to Test MCP Security Is Itself a Zero-Auth RCE

#security #mcp #cve #vulnerability
Comments
3 min read
They Hacked the CSS: Inside Chrome’s First Zero-Day of 2026 (CVE-2026-2441)
safdarali25 profile

They Hacked the CSS: Inside Chrome’s First Zero-Day of 2026 (CVE-2026-2441)

#webdev #security #cybersecurity #cve
Comments
3 min read
CVE-2026-26029 Shows Why Command Injection in MCP Servers Is Different
kai_security_ai profile

CVE-2026-26029 Shows Why Command Injection in MCP Servers Is Different

#security #mcp #cve #commandinjection
Comments
4 min read
CVE-2026-26331: yt-dlp: Downloading Shells Instead of Videos via --netrc-cmd
cverports profile

CVE-2026-26331: yt-dlp: Downloading Shells Instead of Videos via --netrc-cmd

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-27206: The Zumba Class Dance: RCE via PHP Object Injection in json-serializer
cverports profile

CVE-2026-27206: The Zumba Class Dance: RCE via PHP Object Injection in json-serializer

#security #cve #cybersecurity
Comments
2 min read
GHSA-6QR9-G2XW-CW92: Dagu: The Friendly Ghost that Runs Your Malware (GHSA-6QR9-G2XW-CW92)
cverports profile

GHSA-6QR9-G2XW-CW92: Dagu: The Friendly Ghost that Runs Your Malware (GHSA-6QR9-G2XW-CW92)

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-GV8R-9RW9-9697: The Ghost in the Handshake: Traefik & Go mTLS Bypass in HTTP/3
cverports profile

GHSA-GV8R-9RW9-9697: The Ghost in the Handshake: Traefik & Go mTLS Bypass in HTTP/3

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-2472: Poisoned Notebooks: Stored XSS in Google Vertex AI SDK
cverports profile

CVE-2026-2472: Poisoned Notebooks: Stored XSS in Google Vertex AI SDK

#security #cve #cybersecurity
Comments
2 min read
CVE-2026-25896: Regex Injection in fast-xml-parser: Shadowing the <
cverports profile

CVE-2026-25896: Regex Injection in fast-xml-parser: Shadowing the <

#security #cve #cybersecurity
Comments
2 min read
GHSA-33HQ-FVWR-56PM: The Billion-Comma Attack: Nuking Svelte SSR with Sparse Arrays
cverports profile

GHSA-33HQ-FVWR-56PM: The Billion-Comma Attack: Nuking Svelte SSR with Sparse Arrays

#security #cve #cybersecurity #ghsa
Comments
2 min read
GHSA-6C9J-X93C-RW6J: OpenClaw Side-Channel: The `safeBins` File Existence Oracle
cverports profile

GHSA-6C9J-X93C-RW6J: OpenClaw Side-Channel: The `safeBins` File Existence Oracle

#security #cve #cybersecurity #ghsa
Comments
2 min read
CVE-2026-1669: Model Poisoning: Turning Keras Weights into Weaponized File Readers
cverports profile

CVE-2026-1669: Model Poisoning: Turning Keras Weights into Weaponized File Readers

#security #cve #cybersecurity
Comments
2 min read
GHSA-VRHM-GVG7-FPCF: SvelteKit Remote Functions: Death by Type Coercion
cverports profile

GHSA-VRHM-GVG7-FPCF: SvelteKit Remote Functions: Death by Type Coercion

#security #cve #cybersecurity #ghsa
Comments
2 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.