Tag
A discussion about the lack of vetting for MCP servers before installation, highlighting a study that found 5.5% tool-poisoned and 14.4% with known bugs, plus a systemic RCE in the MCP SDK.
A researcher discovered a remote code execution vulnerability in AMD's AutoUpdate software due to insecure HTTP download links and lack of certificate validation. AMD initially dismissed it as out of scope but later agreed to issue a CVE and fix after public attention.
CVE-2026-52884 describes a zero-click remote code execution vulnerability in Notepad++ via path traversal, affecting users on Windows.
A researcher discovered a 1-click remote code execution vulnerability in PewDiePie's Odysseus Chat and is submitting a PR to fix it.
A security researcher discovered CVE-2026-46529, a 10-year-old remote code execution vulnerability in Linux PDF viewers XReader, Evince, and Atril, caused by insufficient argument quoting when spawning child processes to open remote document links.
XBOW disclosed CVE-2026-45185, a critical unauthenticated remote code execution vulnerability in Exim mail servers caused by a use-after-free error in TLS handling. The article details the technical exploit development and the role of AI models in the discovery process.
Critical security vulnerabilities in Ollama, including a memory leak exploit dubbed 'Bleeding Llama' and a Windows RCE flaw, have been disclosed, prompting urgent upgrades for users.