#vulnerability

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0. "This is one

### Summary Certs generated by v4 contain their private key. ## Details ### Background Recently, I encountered an API in Go that’s easy to misuse: sha512.Sum384 and sha512.New384().Sum look very similar and behave very differently. https://go.dev/play/p/kDCqqoYk84k demonstrates this. I want to discuss extending static analysis to detect this case with the go community, but before I do that, I want to make a best-effort pass at open-source projects to fix the existing bugs. I figured that if there were any vulnerabilities out there, they would be easy to find once that discussion begins, so it’s better to address them early. This work is a hobby project and has no affiliation with my employer, so I may be slow to respond due to existing commitments. ### PoC https://go.dev/play/p/vSW0U3Hq4qk ### Impact [This code](https://github.com/juju/utils/blob/0141ef0ee74a0cac603c5c9e4aff194008722f41/cert/cert.go#L120) (cert.NewLeaf) generates certs with the SubjectKeyId set to `sha512.Ne...

There is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. * Unclear how large the potential write could be. It is likely limited by process segfault, so it's not necessarily deterministic. It may be practically unbounded. * Unclear if there's a restriction on the bytes that could be emitted. It's likely that the only restriction is that the bytes would be emitted in chunks of 8 or 16. This was introduced in Pillow 11.2.0 when the feature was added.

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.

Researchers have found a set of vulnerabilities in Bluetooth connected devices that could allow an attacker to spy on users.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Equipment: Hardware Controller, Hardware Servo Press Kit Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized system commands with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS FESTO reports the following products are affected: Festo Firmware installed on Festo Hardware Controller CECC-X-M1: Version 4.0.14 Festo Firmware installed on Festo Hardware Controller CECC-X-M1: Versions 3.8.14 and prior Festo Firmware installed on Festo Hardware Controller CECC-X-M1-MV: Versions 3.8.14 and prior Festo Firmware installed on Festo Hardware Controller CECC-X-M1-MV: Version 4.0.14 Festo Firmware installed on Festo Hardware Controller CECC-X-M1-MV-S1: Version 4.0.14 Festo Firmware installed on Festo Hardware...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Equipment: CODESYS Vulnerabilities: Partial String Comparison, Uncontrolled Resource Consumption, Memory Allocation with Excessive Size Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to block legitimate user connections, crash the application, or authenticate without proper credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS FESTO reports that the following products are affected: FESTO CODESYS Gateway Server V2: All versions FESTO CODESYS Gateway Server V2: prior to V2.3.9.38 3.2 VULNERABILITY OVERVIEW 3.2.1 PARTIAL STRING COMPARISON CWE-187 In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only part of the specified password is being compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650 and SAM600-IO Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to cause a denial-of-service that disrupts critical functions in the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Hitachi Energy Relion 650: All versions from 2.2.4.0 to 2.2.4.4 Hitachi Energy Relion 650: All versions from 2.2.5.0 to 2.2.5.6 Hitachi Energy Relion 650: All versions from 2.2.6.0 to 2.2.6.2 Hitachi Energy Relion 670: 2.2.2.6 Hitachi Energy Relion 670: 2.2.3.7 Hitachi Energy Relion 670: All versions from 2.2.4.0 to 2.2.4.4 Hitachi Energy Relion 670: All versions from 2.2.5.0 to 2.2.5.6 Hitachi Energy Relion 670: All versions from 2.2.6.0 to 2.2.6.2 Hitachi Energy SAM600-IO: All versions from 2....

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Voltronic Power, PowerShield Equipment: Viewpower, NetGuard Vulnerabilities: Exposed Dangerous Method or Function, Forced Browsing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker remotely to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Voltronic Power and PowerShield UPS monitoring software is affected, as well as other derivative products: Voltronic Power Viewpower: Version 1.04-24215 and prior Voltronic Power ViewPower Pro: Version 2.2165 and prior Powershield NetGuard: Version 1.04-22119 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749 The UPS management software normally allows a properly authenticated and authorized user using a web interface to configure the s...