1015 matches found
Zero-Day Exploit Against Windows BitLocker
It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...
CVE-2026-42555
Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...
unverified_exploits
Unverified Exploits - Rule-Based Exploit Generation & Testing...
Malicious code in noon-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3420 Malicious code in noon-contracts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...
Tailored Prompts, Targeted Protection: Vulnerability-Specific LLM Analysis for Smart Contracts
Smart contracts on blockchains are prone to diverse security vulnerabilities that can lead to significant financial losses due to their immutable nature. Existing detection approaches often lack flexibility across vulnerability types and rely heavily on manually crafted expert rules. In this pape...
Alignment Contracts for Agentic Security Systems
Agentic security systems increasingly combine LLM planners with tools that can discover, validate, and report vulnerabilities. This creates an asymmetric control problem: the system should retain strong offensive capability inside an authorized engagement, while the same capabilities must be deni...
codex-solidity
⛓️ Codex Solidity — Smart Contract & Protocol Audit Agent Imp...
GoAT-X: A Graph of Auditing Thoughts for Securing Token Transactions in Cross-Chain Contracts
Cross-chain bridges, the critical infrastructure of the multi-chain ecosystem, have become a primary target for attackers, resulting in over $2.8 billion in losses due to subtle implementation flaws. Existing defenses, such as bytecode-level static analysis, are ill-equipped to handle the semanti...
A Systematic Literature Review for Transformer-Based Software Vulnerability Detection
Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic...
secureflow
AI-Powered Smart Contract Security Scanner An automated block...
Nimiq 数字错误漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.3.0 contained a numerical error vulnerability. This vulnerability stems from the nimiq-account contract’s VestingContract::canchangebalance function, which returns AccountError::InsufficientFund...
EUVD-2026-24389
Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...
CVE-2026-34300
Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...
CVE-2026-34300
Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...
Oracle PeopleSoft Enterprise FIN Contracts 安全漏洞
Oracle PeopleSoft Enterprise FIN Contracts is an enterprise contract financial management system developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise FIN Contracts contains a security vulnerability. This vulnerability stems from issues with the Contracts component, which m...
PT-2026-34124
Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...
Security Is Relative: Training-Free Vulnerability Detection Via Multi-Agent Behavioral Contract Synthesis
Deep learning for vulnerability detection has shown promising results on early benchmarks, but recent evaluations reveal catastrophic degradation: models achieving F1 0.68 on legacy datasets collapse to 0.031 under strict deduplication. We identify the root cause as the semantic ambiguity problem...
NFTDELTA: Detecting Permission Control Vulnerabilities in NFT Contracts through Multi-View Learning
Permission control vulnerabilities in Non-fungible token NFT contracts can result in significant financial losses, as attackers may exploit these weaknesses to gain unauthorized access or circumvent critical permission checks. In this paper, we propose NFTDELTA, a framework that leverages static...
V2E: Validating Smart Contract Vulnerabilities through Profit-Driven Exploit Generation and Execution
Smart contracts are a critical component of blockchain systems. Due to the large amount of digital assets carried by smart contracts, their security is of critical importance. Although numerous tools have been developed for detecting smart contract vulnerability, their effectiveness remains...