17 matches found
Backchaining Loss of Control Mitigations from Mission-Specific Benchmarks in National Security
Affordances and permissions are promising and timely safety levers for mitigating Loss of Control (LoC) threats in high-stakes deployment contexts, such as national security. Deployers in defense and intelligence could rely on several approaches to identify which affordances and permissions should ...
Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications
This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" (HACCAs), AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...
CVE-2026-26742
PX4 Autopilot versions 1.12.x through 1.15.x contain a protection mechanism failure in the "Re-arm Grace Period" logic. The system incorrectly applies the in-air emergency re-arm logic to ground scenarios. If a pilot switches to Manual mode and re-arms within 5 seconds (default configuration) of an...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...
CVE-2025-3580
CVE-2025-3580 (Grafana Open Source): An access-control flaw in the DELETE /api/org/users/ endpoint allows an Organization administrator to permanently delete the Server administrator account. If the sole Server admin is deleted, the Grafana instance becomes unmanageable with no super-user permis...
CVE-2024-3493 Rockwell Automation ControlLogix and GuardLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the...
CVE-2024-3493
CVE-2024-3493 affects Rockwell Automation ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and 1756-EN4TR. The root cause is improper input validation triggering a major nonrecoverable fault (MNRF) when a specific malformed fragmented packet is processed; exploitation can render the device ...
CVE-2024-21914
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product...
Reliance on unknown governorCheckProposalId is a potential backdoor and risks loss of critical function control
Lines of code Vulnerability details Impact The GuardCM contract is designed to restrict the actions of the Community Multisig (CM). However, a potential backdoor could allow the CM to bypass these restrictions and gain unrestricted access. The issue arises from the reliance on a specific proposal I...
Autel Robotics EVO Nano Series Security Breach
Autel Robotics EVO Nano Series is a series of drones from Autel Robotics. The Autel Robotics EVO Nano Series suffers from a security vulnerability that stems from being susceptible to a denial of service (DoS) attack and losing control at the edge of a no-fly zone...
Any extra reward tokens that accumulate in the contract remain locked there permanently.
Lines of code Vulnerability details Impact Funds get locked in contract resulting to Loss of asset control, funds and increased costs to recover fund Proof of Concept Reviewing the list of external and public functions, there is no withdraw or reclaim function: 2. Scanning the contract code, ther...
PT-2023-3074 · 3S Smart Software Solutions · Codesys Control
Name of the Vulnerable Software and Affected Versions: CODESYS Control versions (affected versions not specified). Description: The issue is related to an improper restriction of operations within the bounds of a memory buffer, which can be exploited by a remote attacker with user privileges to gain...
EFB Tampering. Approach and Landing Performance Part 2
Approach and Landing Performance Part 2: Approach Speeds, Cold Weather Corrections, Sources of Data Click here for part 1 Target: Approach speed calculation The speed at which aircraft fly on approach depends on a variety of factors including: Aircraft weight Flap setting Wind direction/speed Fin...
CVE-2019-6832
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication...
CVE-2019-6832
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication...
ESC 8832 Data Controller Multiple Vulnerabilities
Exploit for hardware platform in category web applications =begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested...
Boeing 787 Generator Control Unit Integer Overflow Vulnerability
The Boeing 787 is a new medium-sized, twin-engine, wide-body, medium- to long-range transport aircraft developed by Boeing, also known as the Dreamliner. The Boeing 787 airliner has an integer overflow vulnerability in the implementation of the Generator Control Unit (GCU), where after 248 days of...