12918 matches found
CVE-2026-4946
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...
CVE-2026-4946
Ghidra up to version 12.0.2 is affected by a flaw where annotation directives embedded in automatically extracted binary data (notably the @execute directive parsed from auto-analysis comments like CFStrings in Mach‑O) are executed when an analyst clicks benign-looking UI text. This yields arbitr...
Malicious code in f0-state-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072 The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in dial-app-version (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9efdd5b481d49a0d9ac535aedde75dbf5638bd85e7efe9c536d2938c57142799 The package dial-app-version was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2284 Malicious code in bizsignupnodeweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceaf1cee13e367f987a97f8de4c8fb4985ab1eedd49be1912467793dce9f0ef9 The package bizsignupnodeweb was found to contain malicious code. Source: ossf-package-analysis...
penclaw
🦀 PenClaw AI-powered penetration testing CLI. One command...
Context-Aware Phishing Email Detection Using Machine Learning and NLP
Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...
Finding Memory Leaks in C/C++ Programs Via Neuro-Symbolic Augmented Static Analysis
Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions and lack path-sensitive control-flow modeling. We present...
Quantum Bit Error Rate Analysis in BB84 Quantum Key Distribution: Measurement, Statistical Estimation, and Eavesdropping Detection
Quantum Key Distribution QKD provides information-theoretic security by exploiting the principles of quantum mechanics. Among QKD protocols, the BB84 scheme remains the most widely adopted for both theoretical research and practical implementation. A critical parameter determining the reliability...
Malicious code in monolith-twirp-codingagentintegrations-codingagentintegrations (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 24ecd94ab40a4a1b574b48137b92d60ad65d610301ee07661c928706bd54c81b The OpenSSF Package Analysis project identified 'monolith-twirp-codingagentintegrations-codingagentintegrations' @ 1.0.2 rubygems as malicious. ...
Malicious code in monolith-twirp-partitioning-pull_requests (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4214957e3e8849b6df7eb3bbd1b2c6e547fe8aa2c590a8a3a644e7d6ea8d73ed The OpenSSF Package Analysis project identified 'monolith-twirp-partitioning-pullrequests' @ 1.0.2 rubygems as malicious. It is considered...
Malicious code in monolith-twirp-reposinsights-reposinsights (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 49ad89ab960db3d5775dcbda83df2d42c9b3ccb2e799c7ee83729e6451b94e02 The OpenSSF Package Analysis project identified 'monolith-twirp-reposinsights-reposinsights' @ 1.0.2 rubygems as malicious. It is considered...
Malicious code in monolith-twirp-scribe-scribe (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b03619db6c705a6825d54849e5322d125ae380dbb1f7e404b46718868185faeb The OpenSSF Package Analysis project identified 'monolith-twirp-scribe-scribe' @ 1.0.6 rubygems as malicious. It is considered malicious because...
MAL-2026-2264 Malicious code in monolith-twirp-scribe-scribe (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b03619db6c705a6825d54849e5322d125ae380dbb1f7e404b46718868185faeb The OpenSSF Package Analysis project identified 'monolith-twirp-scribe-scribe' @ 1.0.6 rubygems as malicious. It is considered malicious because...
Malicious code in current-context-urn (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a89385538c4df75cf7f40207e1ccdf6501459d80e8c9a0580955e9422d7c3a4 The package current-context-urn was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in xpna-context (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678a96ef06b05d2ab867c1eea4dbed1cfc69f99cb4904e02c48736df0da7695e The package xpna-context was found to contain malicious code. Source: ossf-package-analysis...
Synopsys Coverity Connect 安全漏洞
Synopsys Coverity Connect is a web-based platform provided by Synopsys, Inc. It primarily consists of static code analysis tools and dynamic code analysis tools. Synopsys Coverity Connect has security vulnerabilities; one of these vulnerabilities stems from the identity verification logic in the...
MAL-2026-2243 Malicious code in browserstack-electron-forge-include-package-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e23283b4b946444b885ae39acf12ae0ca55ddd864863df70b0fcf84f5c5c57b3 The package browserstack-electron-forge-include-package-plugin was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2238 Malicious code in spr-i18n-labels (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59aab6cd08bb49192276e3b198d9caf42969db9f6793c54f4e1ca2b49c78fc04 The package spr-i18n-labels was found to contain malicious code. Source: ghsa-malware 01ee0be82b4212526afd2aaa40dc1ba0939646f6c94911550d3b648f8cd1d38...
CVE-2026-4516
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...