Tag: path validation
-
Embrace The Red: Wrap Up: The Month of AI Bugs
Source URL: https://embracethered.com/blog/posts/2025/wrapping-up-month-of-ai-bugs/ Source: Embrace The Red Title: Wrap Up: The Month of AI Bugs Feedly Summary: That’s it. The Month of AI Bugs is done. There won’t be a post tomorrow, because I will be at PAX West. Overview of Posts ChatGPT: Exfiltrating Your Chat History and Memories With Prompt Injection | Video ChatGPT…
-
Simon Willison’s Weblog: The Summer of Johann: prompt injections as far as the eye can see
Source URL: https://simonwillison.net/2025/Aug/15/the-summer-of-johann/#atom-everything Source: Simon Willison’s Weblog Title: The Summer of Johann: prompt injections as far as the eye can see Feedly Summary: Independent AI researcher Johann Rehberger has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different…
-
Embrace The Red: Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation
Source URL: https://embracethered.com/blog/posts/2025/anthropic-filesystem-mcp-server-bypass/ Source: Embrace The Red Title: Anthropic Filesystem MCP Server: Directory Access Bypass via Improper Path Validation Feedly Summary: A few months ago I was looking at the filesystem MCP server from Anthropic. The server allows to give an AI, like Claude Desktop, access to the local filesystem to read files or edit…
-
Bulletins: Vulnerability Summary for the Week of June 23, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-181 Source: Bulletins Title: Vulnerability Summary for the Week of June 23, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 70mai–M300 A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet…
-
Bulletins: Vulnerability Summary for the Week of May 5, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-132 Source: Bulletins Title: Vulnerability Summary for the Week of May 5, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1clickmigration–1 Click WordPress Migration Plugin 100% FREE for a limited time The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress…
-
Bulletins: Vulnerability Summary for the Week of April 21, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-118 Source: Bulletins Title: Vulnerability Summary for the Week of April 21, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdeptLanguage–Adept Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is…
-
Bulletins: Vulnerability Summary for the Week of January 27, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-034 Source: Bulletins Title: Vulnerability Summary for the Week of January 27, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2 Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always…
-
Bulletins: Vulnerability Summary for the Week of December 16, 2024
Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…
-
Bulletins: Vulnerability Summary for the Week of January 20, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…
-
Bulletins: Vulnerability Summary for the Week of December 2, 2024
Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…