Blog Home
Chaos-Mesh Vulnerability__Th

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes cluster takeover
September 16, 2025

JFrog Security Research recently discovered and disclosed multiple CVEs in the highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs, which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by in-cluster attackers to run arbitrary …

Read More
Remote MPC - Blog_Thumbnail

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients
July 09, 2025

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 – a critical (CVSS 9.6) security vulnerability in the mcp-remote project – a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted …

Read More
MITRE CVE Program - Thumbnail

A Vulnerable Future: MITRE’s Close Call in CVE Management
April 23, 2025

Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced:  “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE …

Read More
Junior Security Researcher

CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know
March 24, 2025

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability – CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases – exploitation of the vulnerability can also lead to cache poisoning and denial of service. Which versions of Next.js are affected? Next.js 15.x – from version 15.0.0 …

Read More
Best-Security-Research-2024-Blog_Thumbnail.png

Top JFrog Security Research Discoveries of 2024
January 30, 2025

In our previous round-up of security research for 2023,  we mentioned our surprise at the large volume of 29,000 vulnerabilities that were reported two years ago.  But that didn’t prepare us for the astounding 40% increase, reported by Cyber Press, resulting in over 40,000 CVEs that were published over the past year in 2024. That …

Read More
Top JFrog Security Blogs 2023

Top JFrog Security Research Blogs of the Year
January 12, 2024

With over 29,000 CVEs and 5.5 billion malware attacks recorded in the past year, it’s no wonder that software supply chain security is a top priority for enterprise developers on a global scale. That is also why JFrog Security Research has been instrumental in identifying and analyzing the biggest threats and devising methods to protect …

Read More
Safe-mode_Thumbnail

Is TensorFlow Keras “Safe Mode” Actually Safe? Bypassing safe_mode Mitigation to Achieve Arbitrary Code Execution
March 12, 2025

Update: This issue was discovered and disclosed independently to Keras by JFrog’s research team and Peng Zhou. Machine learning frameworks often rely on serialization and deserialization mechanisms to store and load models. However, improper code isolation and executable components in the models can lead to severe security risks. The structure of the Keras v3 ML Model …

Read More
Contextual Analysis for Python, Java, and JavaScript with JFrog Frogbot

Contextual Analysis for Python, Java, and JavaScript Projects with JFrog Frogbot
September 08, 2023

When scanning packages, CVE (Common Vulnerabilities and Exposures) scanners can find thousands of vulnerabilities. This leaves developers with the painstaking task of sifting through long lists of vulnerabilities to identify the relevance of each, only to find that many vulnerabilities don’t affect their artifacts at all. Vulnerability Contextual Analysis uses the artifact context to eliminate …

Read More

Xray: New Year, New Security Features
February 16, 2022

As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our JFrog Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline …

Read More

Popular Tags