
674 matches found

Snyk
added 2026/04/15 10:13 a.m., 2 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

CVSS 9.9, AI score 5.7, EPSS 0.00022
Exploits: 0, References: 4

Trellix
added 2026/03/11 12:0 a.m., 26 views

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Niranjan Hegde and Sijo Jacob · June 14, 2023 This blog was also written by Mathanraj Thangaraju Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitiv...

AI score 7.4
Exploits: 0

GithubExploit
added 2026/03/10 6:33 p.m., 108 views

sql-injection-corpus

SQL Injection Corpus - User Guide Overview This corpus con...

AI score 5.9
Exploits: 0

Packet Storm
added 2026/03/06 12:0 a.m., 241 views

OpenEXR Integer Overflow

Proof of concept exploit for a potential integer overflow condition when processing specially crafted multi‑part DeepScanLine EXR files with OpenEXR. The program generates a malicious .exr file containing 86 parts, where each pixel is assigned 50,000,000 samples. When these values are summed...

CVSS 8.4, AI score 5.9, EPSS 0.00023
Exploits: 2

OSV
added 2026/03/04 11:1 a.m., 5 views

CLSA-2026-1772622084 libtiff: Fix of CVE-2025-61144

CVE-2025-61144: add MAXSAMPLES bounds check in combineSeparateSamplesBytes to prevent stack-based buffer overflow when spp exceeds MAXSAMPLES in tiffcrop...

CVSS 9.8, AI score 6.1, EPSS 0.00035
Exploits: 1, References: 1

GithubExploit
added 2026/02/22 2:35 p.m., 131 views

operator-poc

operator-poc // TODO(user): Add simple overview of use/purpose...

AI score 5.7
Exploits: 0

vulnersOsv
added 2026/01/27 9:30 a.m., 3 views

com.foxinmy:easemob4j (>=1.1.0 <=1.1.3), com.foxinmy:umeng4j (>=1.1.0 <=1.1.3) +13 more potentially affected by CVE-2026-24819 via com.foxinmy:weixin4j-base (>=1.0 <=1.9.1)

com.foxinmy:weixin4j-base MAVEN version =1.0, =1.1.0, =1.1.0, =1.9.0, =1.4, =1.0, =1.9.0, =1.4, =1.0, =1.8.0, =1.0.9-RELEASE, =0.0.2, =0.0.3 - org.oxerr:spring-security-wechat-samples-helloworld =0.0.1 Source cves: CVE-2026-24819 Source advisory: SNYK:JAVA-COMFOXINMY-15128702...

CVSS 6.3, AI score 5.8, EPSS 0.00024
Exploits: 0

Packet Storm News
added 2026/01/27 12:0 a.m., 2 views

Burp Suite 2025.12.4 Extension Advanced ReDoS Detector

This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...

AI score 5.9
Exploits: 0

Amazon
added 2026/01/21 12:0 a.m., 6 views

Medium: libtiff

Issue Overview: LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. CVE-2022-3598...

CVSS 6.5, AI score 8.2, EPSS 0.00041
Exploits: 1

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : speex-1.2.0-11.el9 (AXSA:2022-4570:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4570:01 advisory. speex: divide by zero in read_samples via crafted WAV file (CVE-2020-23903). Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 5.5, AI score 7.9, EPSS 0.00099
Exploits: 1, References: 2

The Hacker News
added 2026/01/15 11:0 a.m., 4 views

4 Outdated Habits Destroying Your SOC's MTTR in 2026

It's 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts' needs, staggering investigations and...

AI score 7.1
Exploits: 0

SUSE CVE
added 2025/12/31 12:26 a.m., 1 views

SUSE CVE-2023-54312

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt. Using sizeof(nv) or strlen(nv)+1 is correct...

CVSS 6.1, AI score 7, EPSS 0.0005
Exploits: 0, References: 17

EUVD
added 2025/12/30 3:30 p.m., 1 views

EUVD-2023-60492

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt. Using sizeof(nv) or strlen(nv)+1 is correct...

AI score 6.5, EPSS 0.0005
Exploits: 0, References: 9

NVD
added 2025/12/30 1:16 p.m., 4 views

CVE-2023-54312

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt. Using sizeof(nv) or strlen(nv)+1 is correct...

EPSS 0.0005
Exploits: 0, References: 8

UbuntuCve
added 2025/12/30 1:16 p.m., 1 views

CVE-2023-54312

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt. Using sizeof(nv) or strlen(nv)+1 is correct...

AI score 6.1, EPSS 0.0005
Exploits: 0, References: 10

CVE
added 2025/12/30 12:23 p.m., 10 views

CVE-2023-54312

CVE-2023-54312: Technical details (affected product/version, root cause, exploitation) are not provided in the connected documents. No public details available here; monitor vendor advisories for updates.

AI score 6.6, EPSS 0.0005
Exploits: 0, References: 8

GithubExploit
added 2025/12/25 1:49 a.m., 140 views

RAW-CVE

This repository contai...

AI score 7
Exploits: 0

Packet Storm News
added 2025/12/23 12:0 a.m., 2 views

Better Call Graphs: A New Dataset of Function Call Graphs for Malware Classification

Function call graphs (FCGs) have emerged as a powerful abstraction for malware detection, capturing the behavioral structure of applications beyond surface-level signatures. Their utility in traditional program analysis has been well established, enabling effective classification and analysis of...

AI score 6.8
Exploits: 0

CISA
added 2025/12/19 12:0 p.m., 5 views

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples...

AI score 6.9
Exploits: 0, References: 2

Packet Storm
added 2025/12/04 12:0 a.m., 253 views

Samsung QuramDng Out-Of-Bounds Write

Samsung QuramDng has an invalid LossyJpeg component assumption that leads to an out-of-bounds write. BACKGROUND Samsung Android uses an internal DNG decoding library, QuramDng in libimagecodec.quram.so, to decode images in com.samsung.ipservice and com.samsung.gallery3d. Samsung Gallery will deco...

CVSS 10, AI score 6.9, EPSS 0.04417
Exploits: 9