The jsPDF library for generating PDF documents in JavaScript applications is affected by a critical vulnerability that ...
A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
COMPANY NEWS: We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered ...
We discovered a vulnerability in a popular MCP server hosting service that compromised thousands of AI servers and their associated credentials. Here's what happened and why it matters: A simple ...
Microsoft's open source NLWeb framework for delivering AI-driven agentic web applications shipped with an easy to exploit path traversal vulnerability that revealed the context of sensitive system ...
A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers' attempts on its life. From there, it took up residence in large language models (LLMs) trained on the ...
Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, ...
Researchers released a proof-of-concept exploit for a path traversal flaw in the enterprise VoIP suite that, coupled with an arbitrary file read issue, can give attackers access to protected files, ...