A deep dive into CVE-2025-14986, a masked namespace vulnerability in Temporal that enabled cross-tenant policy and schema confusion via bundled APIs.

A technical teardown of a 1-click RCE against OpenClaw (formerly Moltbot/ClawdBot), a viral open-source AI assistant trusted by 100,000+ developers with high-privilege access. See how a settings logic flaw and a WebSocket pivot turn a single webpage visit into token exfiltration, safety-control bypass, and arbitrary command execution.

An in-depth analysis of CVE-2025-64721, a critical Sandboxie sandbox escape caused by a 32-bit integer overflow in raw ALPC IPC. Learn how a missing bounds check enabled heap leaks, 4GB heap corruption, and SYSTEM-level code execution on Windows—and what this vulnerability teaches about real-world exploitation and low-level security design.

depthfirst is finding new security vulnerabilities in open-source software every week. And we believe that finding these vulnerabilities is only valuable if it leads to a safer internet. We created this policy to clarify how we handle these public discoveries: ensuring maintainers have the time they need to fix issues, while ensuring users aren't left vulnerable.

Depthfirst achieved a ~90% improvement on the CyberGym vulnerability-exploitation benchmark by redesigning the system around the model rather than relying on naïve prompting. By adding accurate situational context, real-time runtime instrumentation, and a modular multi-agent architecture, they raised success rates from the historical 20–28% range to 53%. The core takeaway: LLM capability is often bottlenecked by system design, and thoughtfully engineered agents can unlock far more performance than model upgrades alone.

We recently discovered a textbook example of this in Langfuse, a leading open-source LLM engineering platform with 16k stars on Github. A subtle flaw in its background job controls allowed any authenticated user to access highly sensitive administrative functions, creating a significant business risk

In 2022, a subtle XSS bug slipped into esbuild, one of the most widely used JavaScript bundlers on the planet. Despite billions of downloads, it remained unnoticed, hiding inside a function that appeared to safely escape HTML. But a missing quote escape created a surprising vector: a malicious folder name that could break out of an HTML attribute and execute arbitrary JavaScript inside the esbuild dev server. The bug lived quietly for years. The fix was one line. Here’s how depthfirst found it, exploited it, and patched it.

The best security alerts are the ones that come with a fix. Our platform recently discovered and automatically generated a patch for a critical RCE in Swetrix Web Analytics. This post dissects the vulnerability (a classic Path Traversal), the exploit, and the code for the automated patch.‍

Our agents discovered the vulnerability, provided a risk assessment, and generated a patch autonomously. I shared the results with the Netty maintainers who assigned CVE-2025-59419 and merged our fix.