7376 matches found

Tenable Nessus
added 2025/04/16 12:0 a.m. | 3 views

Fedora 41 : dotnet9.0 (2025-2edd9dc83b)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2edd9dc83b advisory. This is the monthly update for .NET 9 for March 2025. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.3/9.0.104.md -...

5.6 AI score
Exploits: 0 | References: 1

Packet Storm News
added 2025/04/16 12:0 a.m. | 4 views

OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine

As Ethereum continues to thrive, the Ethereum Virtual Machine (EVM) has become the cornerstone powering tens of millions of active smart contracts. Intuitively, security issues in EVMs could lead to inconsistent behaviors among smart contracts or even denial-of-service of the entire blockchain...

7.3 AI score
Exploits: 0

Packet Storm News
added 2025/04/16 12:0 a.m. | 4 views

InjectLab: a Tactical Framework for Adversarial Threat Modeling against Large Language Models

Large Language Models (LLMs) are changing the way people interact with technology. Tools like ChatGPT and Claude AI are now common in business, research, and everyday life. But with that growth comes new risks, especially prompt-based attacks that exploit how these models process language. InjectLa...

7 AI score
Exploits: 0

Packet Storm News
added 2025/04/16 12:0 a.m. | 8 views

ARCeR: an Agentic RAG for the Automated Definition of Cyber Ranges

The growing and evolving landscape of cybersecurity threats necessitates the development of supporting tools and platforms that allow for the creation of realistic IT environments operating within virtual, controlled settings as Cyber Ranges (CRs). CRs can be exploited for analyzing vulnerabilities...

7 AI score
Exploits: 0

Packet Storm News
added 2025/04/15 12:0 a.m. | 1 views

WalletProbe: a Testing Framework for Browser-Based Cryptocurrency Wallet Extensions

Serving as the first touch point for users to the cryptocurrency world, cryptocurrency wallets allow users to manage, receive, and transmit digital assets on blockchain networks and interact with emerging decentralized finance (DeFi) applications. Unfortunately, cryptocurrency wallets have always...

7.4 AI score
Exploits: 0

Exploit DB
added 2025/04/14 12:0 a.m. | 246 views

OpenPanel 0.3.4 - Incorrect Access Control

Exploit Title: OpenPanel 0.3.4 - Incorrect Access Control Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53582 GET /files/../...

7.5 CVSS | 7.7 AI score | 0.08099 EPSS
Exploits: 5

Tenable Nessus
added 2025/04/13 12:0 a.m. | 6 views

CBL Mariner 2.0 Security Update: libtiff (CVE-2023-6228)

The version of libtiff installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6228 advisory. - An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on...

5.5 CVSS | 6.7 AI score | 0.00016 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2025/04/12 5:38 p.m. | 296 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Apache Tomcat CVE-2025-24813 Proof of Concept (PoC)...

9.8 CVSS | 9.3 AI score | 0.9413 EPSS
Exploits: 44

Wolfi
added 2025/04/12 1:44 p.m. | 27 views

CVE-2025-32387 vulnerabilities

Vulnerabilities for packages: flux-source-controller, trivy, eksctl, kots, helm-docs, chart-testing, k8ssandra-client, cilium-cli, kubescape, teleport, rancher-helm, helm-push, flux, flux-helm-controller, zarf, k9s, cert-manager-cmctl, zot, chartmuseum, tw, pluto, cluster-api-helm-controller,...

6.5 CVSS | 6.5 AI score | 0.00012 EPSS
Exploits: 0

Wolfi
added 2025/04/12 1:44 p.m. | 20 views

GHSA-4HFP-H4CW-HJ8P vulnerabilities

Vulnerabilities for packages: flux-source-controller, trivy, eksctl, kots, helm-docs, chart-testing, k8ssandra-client, cilium-cli, kubescape, teleport, rancher-helm, helm-push, flux, flux-helm-controller, zarf, k9s, cert-manager-cmctl, zot, chartmuseum, tw, pluto, cluster-api-helm-controller,...

5.4 AI score
Exploits: 0

Wolfi
added 2025/04/12 1:44 p.m. | 19 views

CVE-2025-32386 vulnerabilities

Vulnerabilities for packages: flux-source-controller, trivy, eksctl, kots, helm-docs, chart-testing, k8ssandra-client, cilium-cli, kubescape, teleport, rancher-helm, helm-push, flux, flux-helm-controller, zarf, k9s, cert-manager-cmctl, zot, chartmuseum, tw, pluto, cluster-api-helm-controller,...

6.5 CVSS | 6.5 AI score | 0.00022 EPSS
Exploits: 0

Wolfi
added 2025/04/12 1:44 p.m. | 14 views

GHSA-5XQW-8HWV-WG92 vulnerabilities

Vulnerabilities for packages: flux-source-controller, trivy, eksctl, kots, helm-docs, chart-testing, k8ssandra-client, cilium-cli, kubescape, teleport, rancher-helm, helm-push, flux, flux-helm-controller, zarf, k9s, cert-manager-cmctl, zot, chartmuseum, tw, pluto, cluster-api-helm-controller,...

5.4 AI score
Exploits: 0

Chainguard
added 2025/04/12 1:13 p.m. | 13 views

GHSA-5XQW-8HWV-WG92 vulnerabilities

Vulnerabilities for packages: zarf, flux-source-controller-fips, helm-push, kots, cert-manager-cmctl, chartmuseum-fips, cluster-api-helm-controller, consul-k8s, flux-helm-controller-fips, cloudbeat-fips, zot, tw, flux-source-controller, k8ssandra-client, trivy-fips, consul-k8s-fips, eksctl,...

5.4 AI score
Exploits: 0

Kitploit
added 2025/04/12 12:30 p.m. | 59 views

QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems

QuickResponseC2 is a stealthy Command and Control (C2) framework that enables indirect and covert communication between the attacker and victim machines via an intermediate HTTP/S server. All network activity is limited to uploading and downloading images, making it fully undetectable by IPS/IDS...

8.2 AI score
Exploits: 0 | References: 1

GithubExploit
added 2025/04/11 10:54 a.m. | 323 views

Exploit for CVE-2025-2825

It is an exploit module/toolkit targeting CrushedFTP. The tool,...

9.8 CVSS | 9.8 AI score | 0.88937 EPSS
Exploits: 20

Citrix
added 2025/04/11 12:0 a.m. | 10 views

Microsoft Security Update Validation Report April 2025

Microsoft’s April 2025 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2025/04/11 12:0 a.m. | 6 views

EulerOS 2.0 SP11 : wget (EulerOS-SA-2025-1381)

According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these...

6.5 CVSS | 7.7 AI score | 0.00592 EPSS
Exploits: 0 | References: 2

Citrix
added 2025/04/11 12:0 a.m. | 9 views

PVS BIOS based target devices are slow to boot

PVS BIOS based target devices were slow to boot, with following observations: BIOS based target devices often taking tens of minutes to boot successfully, occasionally target devices may fail to boot. The network conditions in standard production network were non optimal for PVS boot performance...

7.2 AI score
Exploits: 0

OSV
added 2025/04/10 4:20 p.m. | 3 views

CLSA-2025-1744301726 libgcrypt: Fix of CVE-2024-2236

Synced to upstream plus ASN.1 patch - Tested on AlmaLinux 9.5 - Fix CVE-2024-2236 RHEL-34579...

5.9 CVSS | 6.6 AI score | 0.00902 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/04/09 12:0 a.m. | 30 views

Juniper Junos OS Vulnerability (JSA96458)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96458 advisory. - An Improper Input Validation vulnerability in the CVE-2025-30648 Note that Nessus has not tested for these issues but has instead relied only on the application's...

7.4 CVSS | 5.7 AI score | 0.00182 EPSS
Exploits: 0 | References: 2