Aggregator

CVE-2023-20903 | Cloud Foundry UAA IDP Token session expiration (EUVD-2023-25071)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Cloud Foundry UAA and classified as problematic. Affected by this vulnerability is an unknown functionality of the component IDP Token Handler. Such manipulation leads to session expiration. This vulnerability is uniquely identified as CVE-2023-20903. The attack can only be initiated within the local network. No exploit exists. Applying the suggested workaround is recommended.
vuldb.com

MCP Inspector 未授权访问致代码执行漏洞(CVE-2025-49596)

先知技术社区
3 months 2 weeks ago
漏洞描述MCP Inspector 服务端组件在 0.14.1 之前的版本中存在一个严重的安全漏洞。该漏洞允许未经身份验证的远程攻击者通过构造一个特制的网络请求,在运行 MCP Inspector 服务的服务器上执行任意操作系统命令。此漏洞源于一个调试接口在设计上完全缺少身份验证和权限控制机制影响范围影响版本: 0.14.1 之前的所有版本 环境搭建通过 NodeSource 安装 Node.j

OpenAI Codex编码工具发布重大更新 支持云端同步可以接续编码任务

不安全
3 months 2 weeks ago
OpenAI对Codex编码工具进行重大更新,新增Microsoft Visual Studio Code扩展程序、Web与终端间的同步支持,并允许ChatGPT Plus和Pro订阅用户直接使用账户配额进行编码。开发者可在本地环境与云端间无缝同步任务,并通过Seamless Local ↔ Cloud Handoff功能保持状态连续性。此外,Codex还支持自动审查GitHub PR并提供修复建议,UI和功能也得到优化升级。

TiDB Lightning 源码阅读

不安全
3 months 2 weeks ago
Lightning 是 TiDB 的高速数据导入工具,支持 TB 级数据快速迁移。其架构清晰模块化,核心功能包括表结构恢复、数据导入及多后端模式(Local 和 TiDB)。通过检查点机制实现断点续传,并采用多层次并发控制和内存管理优化性能。

CVE-2024-41057 | Linux Kernel up to 6.1.100/6.6.41/6.9.10 cachefiles_withdraw_cookie use after free (Nessus ID 210060 / WID-SEC-2024-1722)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.1.100/6.6.41/6.9.10. Affected is the function cachefiles_withdraw_cookie. Such manipulation leads to use after free. This vulnerability is listed as CVE-2024-41057. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

Managed ad