Adobe After Effects has a binary vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A binary vulnerability exists in Adobe After Effects 25.6 and earlier...

Ubuntu: Security Advisory (USN-8064-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Allocation of Resources Without Limits or Throttling

Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the deserializebinaryform function in the remote form handler. An attacker can exhaust application resources by sending crafted bina...

Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection

We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...

CVE-2026-27615 ADB-Explorer: UNC Path Support in ManualAdbPath Leads to Remote Code Execution (RCE)

ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...

APFuzz: Towards Automatic Greybox Protocol Fuzzing

Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the input is protocol messages generated from mutations of seeds, and the search in the input space is driven by the feedback on coverage of both code and state. State model and message model are th...

pwn-claude-plugin

pwn-claude-plugin Claude Code plugin for binary exploitation...

CVE-2025-70328

TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...

ADB Explorer 安全漏洞

ADB Explorer is a ADB user interface developed by Alex B as an individual developer. Versions of ADB Explorer prior to 0.9.26020 contain security vulnerabilities. These vulnerabilities stem from the lack of verification of the integrity or authenticity of the ADB binary path before execution, whi...

Important: golang

Issue Overview: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1438)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1438 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Tenable has extracted the preceding description block directly from...

Important: golang

Issue Overview: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1438...

Mind the Gap: Evaluating LLMs for High-Level Malicious Package Detection Vs. Fine-Grained Indicator Identification

The prevalence of malicious packages in open-source repositories, such as PyPI, poses a critical threat to the software supply chain. While Large Language Models LLMs have emerged as a promising tool for automated security tasks, their effectiveness in detecting malicious packages and indicators...

cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy

A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...

CVE-2025-70122

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function sdf-filter.go when processing a declared length that...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SDFFilterFields.UnmarshalBinary function when processing a declared length that exceeds the actual buffer capacity. An attacker can cause a crash of the UPF component by sending a specially crafted PFC...

Exploit for CVE-2026-20841

Purpose The purpose of this work is to investigate the RCE vul...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the command execution functionality. An attacker can execute a malicious binary through the application, which will run with the privileges of the service owner. Remediation There is no fixed version for...

CVE-2026-25880

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...

CVE-2026-23719

The CVE covers a heap-based buffer overflow flaw in Simcenter Femap and Simcenter Nastran (all versions before 2512) when parsing specially crafted NDB files. This can allow code execution in the current process. Affected products are Simcenter Femap and Simcenter Nastran prior to 2512; the root ...