The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems

Nowadays, the autonomous execution of cyberattacks capable of causing substantial real-world harm is widely regarded as one of the critical red lines that frontier AI systems must not cross. Within this broader red-line scenario, autonomous penetration represents a core enabling capability and...

CVE-2026-45549

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

STORED XSS in Journal-> Sections

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

T-Reqs-HTTP-Fuzzer - A Grammar-Based HTTP Fuzzer

T-Reqs T wo Req uests is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling with Differential Fuzzing" which was presented at ACM CCS 2021. BibTeX of the paper: @inproceedingsccs2021treqs, title=T-Reqs: HTTP Request Smuggling with Differential Fuzzin...

Microsoft .NET Core 安全漏洞

Microsoft.NET Core provides a fast, modular platform for creating server applications that run on Windows, Linux and macOS. A remote code execution vulnerability exists in Microsoft .NET Core. An attacker could exploit the vulnerability to execute code on the target server...

OpenDocMan 1.2.7.2 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting Vulnerability leads to hijack the users session Date: 2 July 2014 Exploit Author: Madhu Akula Vendor Homepage: http://www.opendocman.com/ Version : 1.2.7.2 Severity: High Description : About Vulnerability : Stored attacks are those where the injected...