518 matches found
Vulnerability-Exploit-Correlation-Engine
Vulnerability-Exploit-Correlation-Engine Passive-analysis CLI...
PT-2026-39464
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
FixV2W: Correcting Invalid CVE-CWE Mappings with Knowledge Graph Embeddings
Accurate mapping between Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) entries is critical for effective vulnerability management and risk assessment. However, public databases, such as the National Vulnerability Database (NVD), suffer from inconsistent and incomplete...
Microsoft Excel Buffer Overflow Vulnerability (CNVD-2026-18600)
Microsoft Excel is a spreadsheet processing program in the Office suite from Microsoft (USA). A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to obtain sensitive information...
CVE-2026-4274
creationtimestamp | type | source
---|---|---
2026-04-16 11:35:11+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mjmcwqgahd2b...
SkillCyberPunk
Security Vulnerability Scanner A Claude Code plugin that auto...
Policy-Driven Vulnerability Risk Quantification Framework for Large-Scale Cloud Infrastructure Data Security
The exponential growth of Common Vulnerabilities and Exposures (CVE) disclosures poses significant challenges for enterprise security management, necessitating automated and quantitative risk assessment methodologies. Existing vulnerability analysis approaches suffer from three critical limitations...
CVE-2026-3116
creationtimestamp | type | source
---|---|---
2026-03-27 03:00:09+00:00 | seen | https://nvd.nist.gov/vuln/detail/CVE-2026-4274...
CVE-2026-3115
creationtimestamp | type | source
---|---|---
2026-03-27 03:00:09+00:00 | seen | https://nvd.nist.gov/vuln/detail/CVE-2026-4274...
CVE-2026-27656
creationtimestamp | type | source
---|---|---
2026-03-26 03:00:14+00:00 | seen | https://nvd.nist.gov/vuln/detail/CVE-2026-27656...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ExploitAtlas A full-stack Rust application for CVE intelligen...
Number withdrawal
“ring” is a library developed by Brian Smith as an individual contributor. This CVE number has been withdrawn...
Fedora: Security Advisory (FEDORA-2025-c7f4367479)
The remote host is missing an update for the...
Real-VulLLM: An LLM Based Assessment Framework in the Wild
Artificial Intelligence (AI) and more specifically Large Language Models (LLMs) have demonstrated exceptional progress in multiple areas including software engineering, however, their capability for vulnerability detection in the wild scenario and its corresponding reasoning remains underexplored...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not handling lrbp-cmd correctly, which could result in command timeouts and warning messages...
PatchSeeker: Mapping NVD Records to Their Vulnerability-Fixing Commits with LLM Generated Commits and Embeddings
Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database (NVD) is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding Vulnerability-Fixing Commits (VFCs). VFCs encode precise code...
Google Android Information Disclosure Vulnerability (CNVD-2025-28666)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
AegisShield: Democratizing Cyber Threat Modeling with Generative AI
The increasing sophistication of technology systems makes traditional threat modeling hard to scale, especially for small organizations with limited resources. This paper develops and evaluates AegisShield, a generative AI enhanced threat modeling tool that implements STRIDE and MITRE ATT&CK to...
Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20290)
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...
Microsoft Windows Security Vulnerability
Microsoft Windows is a suite of operating systems for personal devices from Microsoft Corporation (USA). A security vulnerability exists in Microsoft Windows Security App. An attacker can exploit the vulnerability to perform spoofing attacks...