Topic: path traversal

  • How MCP Server Flaws Escalate to Supply Chain Attacks

    A path traversal vulnerability in Smithery.ai's MCP server platform exposed administrative credentials, compromising over 3,000 AI servers and risking a major supply chain incident. The flaw allowed attackers to access sensitive files and an overprivileged token, enabling potential code execution...

  • Fortinet Patches Actively Exploited FortiWeb Zero-Day

    Fortinet has patched a critical zero-day vulnerability (CVE-2025-64446) in its FortiWeb firewall, which is being actively exploited to create unauthorized admin accounts via unauthenticated HTTP requests. The flaw affects FortiWeb versions 8.0.1 and earlier, with a fix available in version 8.0.2,...

  • CISA Mandates Urgent Patch for Actively Exploited Gogs Flaw

    A critical remote code execution flaw (CVE-2025-8110) in Gogs is being actively exploited, allowing attackers to run arbitrary commands by manipulating Git configuration files. CISA has mandated all federal agencies to patch the vulnerability by February 2026, as over 1,400 public Gogs servers ar...

  • Critical jsPDF Flaw Exposes Secrets in Generated PDFs

    A high-severity vulnerability (CVE-2025-68428) in the widely used jsPDF library allows attackers to steal local server files by exploiting a path traversal flaw in its Node.js version. The flaw affects several file-loading functions and was fixed in version 4.0.0, which uses Node.js's permission ...

  • Critical Flaws Found in Fluent Bit Logging Agent

    Severe security vulnerabilities have been discovered in Fluent Bit, a widely used telemetry logging tool installed over 15 billion times, impacting core functions in banking, cloud, and SaaS environments. The flaws include input validation issues, tag manipulation, path traversal, buffer overflow...

  • Critical "Ni8mare" Bug Allows Hackers to Take Over n8n Servers

    A critical, maximum-severity vulnerability (CVSS 10.0) in n8n allows unauthenticated remote attackers to take control of servers, posing a major risk due to the platform's widespread use and integration with sensitive enterprise systems. The flaw, named "Ni8mare," is a path traversal issue where ...
