Two high-severity vulnerabilities in Anthropic's Model Context Protocol (MCP) Filesystem Server allow attackers to escape security sandboxes and execute arbitrary code on host systems.
The findings come as MCP gains rapid adoption as a framework enabling large language models like Claude Desktop...
A newly disclosed security vulnerability in Apache Seata, a distributed transaction solution, exposes applications to potential remote code execution through deserialization attacks.
The vulnerability affects a significant range of versions and represents a correction to a previously reported security issue that had an incorrectly...
Cisco Systems has disclosed a critical vulnerability in its Unified Communications Manager (Unified CM) platform that could allow unauthenticated remote attackers to gain root access to affected systems.
The security vulnerability, tracked as CVE-2025-20309 and assigned a maximum CVSS score of 10.0, represents one...
A critical zero-day vulnerability has been discovered in Wing FTP Server, a popular file transfer software used by over 10,000 customers worldwide, that allows attackers to gain complete control over affected systems without authentication.
The vulnerability, assigned CVE-2025-47812 with a maximum severity score...
A newly disclosed security vulnerability in ModSecurity, one of the most widely deployed web application firewalls, could allow attackers to crash protected web applications through carefully crafted XML requests containing empty tags.
The vulnerability, tracked as GHSA-gw9c-4wfm-vj3x, affects mod_security2 versions 2.9.8 and later when...
A critical vulnerability in the Python-based data exfiltration utility employed by the notorious Cl0p ransomware group reveals that the malware's own infrastructure can be exploited for remote code execution attacks.
The vulnerability, discovered in tools widely distributed during the group's destructive 2023-2024 MOVEit campaigns,...