740 matches found
GHSA-HQJR-43R5-9Q58 MobSF has SQL Injection in its SQLite Database Viewer Utils
Description MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst uses MobSF to analyze a malicious mobile application containing a craft...
The Attack and Defense Landscape of Agentic AI: A Comprehensive Survey
AI agents that combine large language models with non-AI system components are rapidly emerging in real-world applications, offering unprecedented automation and flexibility. However, this unprecedented flexibility introduces complex security challenges fundamentally different from those in...
Post-Quantum Federated Learning: Secure and Scalable Threat Intelligence for Collaborative Cyber Defense
Collaborative threat intelligence via federated learning FL faces critical risks from quantum computing, which can compromise classical encryption methods. This study proposes a quantum-secure FL framework using post-quantum cryptography PQC to protect cross-organizational data sharing. We expose...
STARDIS: Strategic Scheduling and Deceptive Signaling for Satellite Intrusion Detection System Deployment
Satellite communication networks operate under stringent computational constraints and are susceptible to sophisticated cyberattacks. This paper introduces a novel defense framework that decouples security optimization into ground-based analysis and onboard real-time execution. In the long-term...
VulnCheck KEV: CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
Apache Shiro 安全漏洞
Apache Shiro is a Java security framework developed by the Apache Foundation in the United States. It is used for authentication, authorization, encryption, and session management. Versions of Apache Shiro such as 1. and 2.0.7 had security vulnerabilities. These vulnerabilities were due to observ...
Co-RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents
Large language models LLMs have shown promise in assisting cybersecurity tasks, yet existing approaches struggle with automatic vulnerability discovery and exploitation due to limited interaction, weak execution grounding, and a lack of experience reuse. We propose Co-RedTeam, a security-aware...
PT-2026-4843
Name of the Vulnerable Software and Affected Versions MobSF versions prior to 4.4.5 Description MobSF is a mobile application security testing tool. A Stored Cross-site Scripting XSS vulnerability exists in MobSF’s Android manifest analysis. This allows an attacker to execute arbitrary JavaScript...
Mitigating the OWASP Top 10 for Large Language Models Applications Using Intelligent Agents
Large Language Models LLMs have emerged as a transformative and disruptive technology, enabling a wide range of applications in natural language processing, machine translation, and beyond. However, this widespread integration of LLMs also raised several security concerns highlighted by the Open...
Unified Framework for Qualifying Security Boundary of PUFs against Machine Learning Attacks
Physical Unclonable Functions PUFs serve as lightweight, hardware-intrinsic entropy sources widely deployed in IoT security applications. However, delay-based PUFs are vulnerable to Machine Learning Attacks MLAs, undermining their assumed unclonability. There are no valid metrics for evaluating P...
Multi-Turn Jailbreaking Attack in Multi-Modal Large Language Models
In recent years, the security vulnerabilities of Multi-modal Large Language Models MLLMs have become a serious concern in the Generative Artificial Intelligence GenAI research. These highly intelligent models, capable of performing multi-modal tasks with high accuracy, are also severely susceptib...
Multi-Agent Framework for Threat Mitigation and Resilience in AI-Based Systems
Machine learning ML underpins foundation models in finance, healthcare, and critical infrastructure, making them targets for data poisoning, model extraction, prompt injection, automated jailbreaking, and preference-guided black-box attacks that exploit model comparisons. Larger models can be mor...
Securing Agentic AI Systems -- a Multilayer Security Framework
Securing Agentic Artificial Intelligence AI systems requires addressing the complex cyber risks introduced by autonomous, decision-making, and adaptive behaviors. Agentic AI systems are increasingly deployed across industries, organizations, and critical sectors such as cybersecurity, finance, an...
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
As enterprises refine their strategies for handling Non-Human Identities NHIs, Robotic Process Automation RPA has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared...
Exposing Vulnerabilities in Counterfeit Prevention Systems Utilizing Physically Unclonable Surface Features
Counterfeit products pose significant risks to public health and safety through infiltrating untrusted supply chains. Among numerous anti-counterfeiting techniques, leveraging inherent, unclonable microscopic irregularities of paper surfaces is an accurate and cost-effective solution. Prior work ...
LLM Causality Analysis Framework
A comprehensive framework for multi-level causality analysis in Large Language Models LLMs, enabling systematic investigation of safety mechanisms and misbehavior detection across token, neuron, layer, and representation levels. Includes the whitepaper 2512.04841.pdf titled SoK: A Comprehensive...
wp_exploitation_framework
🚀 WordPress PWN Framework v5.0 - AI-Powered Edition !Python...
BIT-ACTIVEMQ-2021-21348 XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...
BIT-ACTIVEMQ-2021-21347 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...
BIT-ACTIVEMQ-2021-21346 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...