DEV Community

# vulnerability

Discussions about specific security vulnerabilities and CVEs.

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Python's `.pth` and `site-packages` Vulnerability: Unresolved Security Risk Since 2018
romdevin profile

Python's `.pth` and `site-packages` Vulnerability: Unresolved Security Risk Since 2018

#python #security #vulnerability #pth
Comments
12 min read
Trivy Vulnerability Scanner Compromised in Supply Chain Attack: Mitigation Steps and User Guidance
maricode profile

Trivy Vulnerability Scanner Compromised in Supply Chain Attack: Mitigation Steps and User Guidance

#cybersecurity #supplychain #opensource #vulnerability
1
Comments
8 min read
AI System's Internal Logic Exposed via Creative Querying: Enhanced Access Restrictions Proposed
natcher profile

AI System's Internal Logic Exposed via Creative Querying: Enhanced Access Restrictions Proposed

#ai #security #llm #vulnerability
Comments
13 min read
Claude Code CLI Vulnerability: Malicious Configs Bypass Trust Dialog, Enabling Unauthorized Permission Elevation
kserude profile

Claude Code CLI Vulnerability: Malicious Configs Bypass Trust Dialog, Enabling Unauthorized Permission Elevation

#security #vulnerability #cli #permissions
Comments
10 min read
Claude Code CLI Fixed: Configuration Loading Order Defect Resolved to Prevent Unauthorized Permission Elevation
olgabyte profile

Claude Code CLI Fixed: Configuration Loading Order Defect Resolved to Prevent Unauthorized Permission Elevation

#security #vulnerability #cli #ai
Comments
8 min read
Trivy Scanner Compromised Again: Malicious Code Found in v0.69.4 and GitHub Actions, Raising Security Concerns
maricode profile

Trivy Scanner Compromised Again: Malicious Code Found in v0.69.4 and GitHub Actions, Raising Security Concerns

#security #supplychain #opensource #vulnerability
Comments
8 min read
Eight Critical Bugs, One Day: Anatomy of an AI Agent Security Audit
oolongtea2026 profile

Eight Critical Bugs, One Day: Anatomy of an AI Agent Security Audit

#security #aiagents #opensource #vulnerability
Comments
3 min read
MediaTek Audio DSP Vulnerability: How a Nothing Phone Could Have Been Hacked (Except It Wasn't)
kunal_d6a8fea2309e1571ee7 profile

MediaTek Audio DSP Vulnerability: How a Nothing Phone Could Have Been Hacked (Except It Wasn't)

#cybersecurity #mediatek #androidsecurity #vulnerability
Comments
7 min read
Windows Vulnerability CVE-2025-59284: Incomplete Patch Enables NetNTLM Hash Phishing During Archive Extraction
kserude profile

Windows Vulnerability CVE-2025-59284: Incomplete Patch Enables NetNTLM Hash Phishing During Archive Extraction

#windows #vulnerability #netntlm #patching
Comments
14 min read
Glassworm Is Back: The Invisible Unicode Attack Hiding in Your Code
kunal_d6a8fea2309e1571ee7 profile

Glassworm Is Back: The Invisible Unicode Attack Hiding in Your Code

#cybersecurity #unicode #vulnerability #supplychainattack
Comments
7 min read
Five Chrome Zero-Days in Two Weeks: The Most Aggressive Browser Attack Wave of 2024
kunal_d6a8fea2309e1571ee7 profile

Five Chrome Zero-Days in Two Weeks: The Most Aggressive Browser Attack Wave of 2024

#cybersecurity #googlechrome #zeroday #vulnerability
1
Comments
6 min read
CVE-2026-20435: How a MediaTek Boot Chain Flaw Exposes Crypto Wallets on 25% of Android Phones
ohmygod profile

CVE-2026-20435: How a MediaTek Boot Chain Flaw Exposes Crypto Wallets on 25% of Android Phones

#security #android #crypto #vulnerability
1
Comments
5 min read
Zombie ZIP Vulnerability Enables Malware to Bypass 95% of Antivirus Software, Requiring Urgent Security Updates
olgabyte profile

Zombie ZIP Vulnerability Enables Malware to Bypass 95% of Antivirus Software, Requiring Urgent Security Updates

#cybersecurity #malware #vulnerability #antivirus
Comments
8 min read
EPSS Explained: Why Exploit Prediction Scoring Changes Everything for Vulnerability Prioritization
amartyajha profile

EPSS Explained: Why Exploit Prediction Scoring Changes Everything for Vulnerability Prioritization

#security #vulnerability #devsecops #programming
Comments
2 min read
Denial of Service in yauzl 3.2.0: One Zip File Crashes the Library Behind VS Code and Electron
amartyajha profile

Denial of Service in yauzl 3.2.0: One Zip File Crashes the Library Behind VS Code and Electron

#security #javascript #node #vulnerability
Comments
5 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.