Aggregator

It turns out we've all been using MCP wrong. Most agents today use MCP by exposing the "tools" directly to the LLM.

Cloudflare Radar now offers a Certificate Transparency dashboard for monitoring TLS certificate activity, and new regional traffic insights for a sub-national perspective on Internet trends.

FortiGuard Labs发现了一起伪装成乌克兰政府机构的钓鱼活动，通过恶意SVG文件传播Amatera Stealer和PureMiner等恶意软件。攻击者利用SVG文件诱导受害者下载并执行恶意代码，最终实现敏感信息窃取和资源 hijacking。

Cloudflare Workers通过预热技术减少冷启动时间，并引入一致性哈希环（Worker sharding）优化请求路由，降低冷启动率至0.01%，提升效率和性能。

Cloudflare Radar新增区域流量洞察和证书透明度数据功能，提供更细粒度的网络健康与安全洞察。前者展示地区级流量趋势，后者分析TLS证书 issuance、分布及特性。

文章介绍了如何通过将MCP工具转换为TypeScript API，并利用LLM编写代码来调用这些API，从而提升AI代理的能力和效率。这种方法减少了传统工具调用中的复杂性和延迟，并利用了LLM在代码生成方面的优势。

A vulnerability, which was classified as critical, has been found in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-11078. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Submit #661168 / VDB-326082

A vulnerability classified as critical was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/add_content.php. Executing manipulation of the argument Title can lead to sql injection. This vulnerability is handled as CVE-2025-11077. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_teacher.php. Performing manipulation of the argument department results in sql injection. This vulnerability is known as CVE-2025-11076. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in Campcodes Online Learning Management System 1.0. This affects an unknown function of the file /admin/de_activate.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-11075. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #661153 / VDB-326082

A vulnerability marked as critical has been reported in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. This vulnerability appears as CVE-2025-11074. The attack may be initiated remotely. In addition, an exploit is available.

Submit #660919 / VDB-326118

A vulnerability labeled as critical has been found in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. This vulnerability is reported as CVE-2025-11073. The attack can be launched remotely. Moreover, an exploit is present.

Submit #661155 / VDB-326117

Submit #660855 / VDB-326116

Submit #660854 / VDB-326115

Submit #659993 / VDB-326114

Submit #659933 / VDB-326113