21 matches found
New Malware Uses Windows Character Map for Cryptomining
Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software…
Linux Distros Unpatched Vulnerability : CVE-2014-0085
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local...
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2025-1903)
The remote host is missing an update for the Huawei EulerOS...
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
Summary: On the ESP-IDF platform, ESPHome's webserver authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value (e.g., correct username with partial password). This allows access to webserver functionality...
Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities
Summary: IBM Data Product Hub has dependencies on IBM Semeru, IBM WebSphere Application Server Liberty, Requests Python HTTP library, and Node.js Dompurify, Brace-expansion, Xmldom, Undici, and Form-data runtime modules, which are vulnerable. This bulletin contains information regarding the...
Linux Distros Unpatched Vulnerability : CVE-2018-19871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. (CVE-2018-19871) Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2018-20725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting (XSS) vulnerability exists in graphtemplates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertic...
CISA: FY 2025 State and Local Cybersecurity Grant Program FAQs
Congress established the State and Local Cybersecurity Grant Program (SLCGP) to "award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or Tribal governments." Within the U.S. Department ...
Exploit for Relative Path Traversal in Articatech Artica_Proxy
LFI to RCE Exploit via Log Poisoning Python3 exploit for CVE...
Repairing Vulnerabilities without Invisible Hands. A Differentiated Replication Study on LLMs
Background: Automated Vulnerability Repair (AVR) is a fast-growing branch of program repair. Recent studies show that large language models (LLMs) outperform traditional techniques, extending their success beyond code generation and fault detection. Hypothesis: These gains may be driven by hidden...
The Complexity of the SupportMinors Modeling for the MinRank Problem
In this note, we provide proven estimates for the complexity of the SupportMinors Modeling, mostly confirming the heuristic complexity estimates contained in the original article...
Synchronic Web Digital Identity: Speculations on the Art of the Possible
As search, social media, and artificial intelligence continue to reshape collective knowledge, the preservation of trust on the public infosphere has become a defining challenge of our time. Given the breadth and versatility of adversarial threats, the best--and perhaps only--defense is an equall...
Remote for Mac 2025.6 Remote Code Execution
Remote for Mac version 2025.6 allows an unauthenticated remote attacker to achieve remote code execution by sending a crafted sequence of UDP packets that simulate keyboard input. Exploit Title: Remote for Mac 2025.6 - Remote Code Execution (RCE). Date: 2025-05-27. Exploit Author: Chokri Hammedi. Vend...
Exploit for Out-of-bounds Read in Microsoft
CVE-2024-49113-Checker Script to test whether your environment...
Vulnerability-Research
Vulnerability Research Repository Overview This repositor...
Exploit for Incorrect Default Permissions in Fidelissecurity Deception
Fidelis Network and Deception - CVE-2022-0997 - Insecure File...
Exploit for CVE-2018-8581
Exchange2domain...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
I extended Scott Campbell's script further, made it more complic...
Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002)
A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer. An attacker can remotely exploit this vulnerability by enticing a user to...
Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
No description provided by source. Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution. Author: Egidio Romano aka EgiX...