Checkmarx Zero
@checkmarxzero.bsky.social
Specializing in breaking and protecting the building blocks of modern software development. From traditional #AppSec, through #opensource #SupplyChain threats, to #LLM security. https://checkmarx.com/zero/
Both issues are easy to exploit and easy to patch — a reminder that small bugs in dev tooling can have big consequences downstream.
Full roundup, detection commands, and mitigations:
🔗 buff.ly/wN1crc3
#Security #AppSec #DevSecOps #CVE #ApacheTomcat #Vercel #Checkmarx
🧵4/4
November 11, 2025 at 3:42 PM
🤖 Vercel AI SDK — Index error (CVE-2025-48985) lets unsafe file types slip past validation, a potential path for #AI context poisoning.
Low impact on its own, but a good example of subtle data integrity flaws in #GenAI pipelines.
#Vercel #TypeScript #CVE #DevSecOps #Infosec
🧵3/4
November 11, 2025 at 3:42 PM
🐱 Apache Tomcat — Multipart upload cleanup delay (CVE-2025-61795) can fill disks and trigger denial-of-service or spike cloud storage costs.
A simple bug in how temp files are handled turns into an operational risk.
#Tomcat #Java #CVE #Security #AppSec
🧵2/4
November 11, 2025 at 3:42 PM
Even mature frameworks can harbor critical flaws. Keep dependencies current and audit ORM query logic regularly.
buff.ly/kfcbY7e
#SupplyChainSecurity #WebSecurity #SoftwareSecurity 🧵5/5
November 7, 2025 at 4:23 PM
🎯 If you use Django in production, upgrade immediately to one of:
• 5.1.14
• 4.2.26
• 5.2.8
#DevSecOps #AppSec #Python 🧵4/5
November 7, 2025 at 4:23 PM
This allows crafted input to alter SQL queries and access or modify database contents. The issue impacts multiple supported Django branches.
#Django #Vulnerability #OpenSourceSecurity 🧵3/5
November 7, 2025 at 4:23 PM
Attackers can exploit SQL Injection by passing data that becomes represented as dictionaries through the _connector argument in QuerySet.filter(), .exclude(), .get(), or Q() calls.
#SoftwareSecurity #CVE 🧵2/5
November 7, 2025 at 4:23 PM
Defenders need to recognize that #AIintegration expands attack surfaces.
AI APIs and assistants can become adversary infrastructure — another layer for detection and control.
Details: buff.ly/4ay9Kvz
#LLMsecurity #SupplyChainSecurity #CheckmarxZero #AIsafety 🧵3/3
November 5, 2025 at 3:42 PM
#SesameOp targets #VSCode environments, using the same AI code assistants that developers rely on every day.
It’s a clever twist — attackers are now living inside the same productivity tools defenders trust.
#DevSecOps #AIAttackSurface #SoftwareSecurity 🧵2/3
November 5, 2025 at 3:42 PM
Full write-up, commands, and mitigations here: 🔗 buff.ly/REjgAW4 #Security #Checkmarx #CVE #DevSecOps 🧵4/4
November 4, 2025 at 10:08 PM
🐱 #ApacheTomcat RewriteValve — (CVE-2025-55752, CVSS 7.5) again mishandles URL normalization and decoding, allowing crafted requests to traverse sensitive paths or even trigger #RCE in rare PUT-enabled setups. #Tomcat #Java #Infosec 🧵3/4
November 4, 2025 at 10:08 PM
🪄 #Jenkins SAML Plugin — (CVE-2025-64131) enables replay of #SAML assertions, letting attackers impersonate valid users if they capture traffic. Missing replay cache = broken trust. Fixed builds patch it; HTTPS mitigates risk. #AppSec #CVE #DevSecOps 🧵2/4
November 4, 2025 at 10:08 PM

This is because our proactive, routine malware analysis process identified and reviewed the relevant packages ahead of the public reporting of these issues. 🧵2/2
November 4, 2025 at 3:50 PM
That could look like blocking the relevant endpoints in server configurations or edge devices like #WAF or reverse-proxy systems, setting files read-only, etc.

#ApplicationSecurity #VulnerabilityManagement #DevSecOps #DevOps #Cybersecurity #ProductSecurity 🧵3/3
October 30, 2025 at 9:08 PM
#DNN is a leading #CMS within the #NuGet / #Microsoft ecosystem that's widely deployed in many types of organizations. If you're a DNN user, you should take immediate action. If you can't upgrade to at least 10.1.1, you should take steps to disable file uploads. 🧵2/3
October 30, 2025 at 9:08 PM
Stay current, patch early, and check configurations regularly. Full write-up with remediation and detection guidance 👇
buff.ly/slk16bD
#AppSec #SecurityAdvisory #SoftwareSecurity #Infosec #DevSecOps 🧵7/7
October 28, 2025 at 2:42 PM