12864 matches found
rspwner
RSPWNER RSPWNER is a Rust-based AI-assisted CTF pwn assistant...
CVE-2026-52753
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...
CVE-2026-49497
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...
CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...
CVE-2026-52753
Ghidra
EUVD-2026-36012
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...
EUVD-2026-36006
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...
CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnudebuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak...
CVE-2026-49497
CVE-2026-49497 concerns Ghidra before 12.1, which contains a path traversal flaw in the SameDirDebugInfoProvider. The bug arises because filenames from ELF binary .gnu_debuglink sections are not validated before file paths are built, enabling a local attacker to craft malicious ELF binaries with ...
vehicle-subsystem-security-assessment
🚗 End-to-end security assessment of vehicle subsystems ! Me...
cve-research
CVE Research Personal repository for CVE analysis, proof-of-c...
PT-2026-48413
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary...
PT-2026-48408
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and lea...
CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...
Network Log Analysis: Why Collecting Logs is Not Enough
Network Log Analysis helps teams turn raw logs into useful alerts, timelines, audit records, and incident evidence instead of storing data without action...
Malicious code in @bancolonbia/menu-filter-widget-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76511e7873dc4a76b8447f91807e48289877ee612cd0d94526206390bbda7f3e package.json declares scripts.postinstall: node./callback.js, which fires automatically on npm install. callback.js reads the installer's hostname an...
MAL-2026-5367 Malicious code in odoo-addon-spp-base (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis da9c7bdf0b4ac969bfa720be2b3f87caa4c82a6d3ac7eeda5e74946aa3c1a1de The OpenSSF Package Analysis project identified 'odoo-addon-spp-base' @ 99.0.0 pypi as malicious. It is considered malicious because: - The...
Malicious code in @listings/energy-labels (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41caac3ab1f9c35a72841357174aeeec16c142c08cc28030a875b2dba85f04ba The package declares "preinstall": "node index.js || true" in package.json, so on every npm install the script executes automatically and silently...
MAL-2026-5327 Malicious code in @listings/energy-labels (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41caac3ab1f9c35a72841357174aeeec16c142c08cc28030a875b2dba85f04ba The package declares "preinstall": "node index.js || true" in package.json, so on every npm install the script executes automatically and silently...
The Hardest Fork
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things...