A two high-severity vulnerabilities in Anthropic's Model Context Protocol (MCP) Filesystem Server that allow attackers to escape security sandboxes and execute arbitrary code on host systems.
The findings come as MCP gains rapid adoption as a framework enabling large language models like Claude Desktop...
A newly disclosed security vulnerability in Apache Seata, a distributed transaction solution, exposes applications to potential remote code execution through deserialization attacks.
The vulnerability affects a significant range of versions and represents a correction to a previously reported security issue that had an incorrectly...
Cisco Systems has disclosed a critical vulnerability in its Unified Communications Manager (Unified CM) platform that could allow unauthenticated remote attackers to gain root access to affected systems.
The security vulnerability, tracked as CVE-2025-20309 and assigned a maximum CVSS score of 10.0, represents one...
A critical zero-day vulnerability has been discovered in Wing FTP Server, a popular file transfer software used by over 10,000 customers worldwide, that allows attackers to gain complete control over affected systems without authentication.
The vulnerability , assigned CVE-2025-47812 with a maximum severity score...
In the ever-evolving landscape of cybersecurity, offensive security tools have increasingly turned to the .NET framework for their flexibility and integration with Windows environments.
Tools like Rubeus, SeatBelt, and SharpDPAPI are now household names among penetration testers and red teamers.
However, the popularity of...
A newly disclosed security vulnerability in ModSecurity, one of the most widely deployed web application firewalls, could allow attackers to crash protected web applications through carefully crafted XML requests containing empty tags.
The vulnerability, tracked as GHSA-gw9c-4wfm-vj3x, affects mod_security2 versions 2.9.8 and later when...