Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:socket.io-parser is a socket.io protocol parser Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Decoder class, which accepts an unlimited number of binary attachments. An attacker can exploit this to exhaust...

Improper Privilege Management

github.com/lxc/incus is vulnerable to Improper Privilege Management. The vulnerability is due to improper handling of custom storage volumes with the security.shifted property, which allows an attacker with root access inside a container to create a setuid binary that can be executed on the host ...

Free real estate: GoPix, the banking Trojan living off your memory

Introduction GoPix is an advanced persistent threat targeting Brazilian financial institutions' customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through memory-only implants and obfuscated PowerShell scripts. It evolved from the RAT and Automate...

A Binary Classifier-Based Wire Resistance Attack on the KLJN Secure Key Exchanger

The statistical fluctuations of the mean-square noise voltages measured at Alice's and Bob's ends in the KLJN scheme are used to implement a binary classifier for a new type of wire resistance-based attack. The data are plotted on a two-dimensional graph, where the x- and y- axes represent the...

EulerOS 2.0 SP10 : gdb (EulerOS-SA-2026-1333)

According to the versions of the gdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component...

CVE-2016-20033 Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

Malicious code in ariadne-federation (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3eb5492b220fedd5fedb29045328e749d659aea6e38ed743f7aace2d623d07d2 During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...

OpenClaw: Node-host approvals could show misleading shell payloads instead of the executed argv

Summary In affected versions of openclaw, node-host system.run approvals could display only an extracted shell payload such as jq --version while execution still ran a different outer wrapper argv such as ./env sh -c 'jq --version'. Impact This is an approval-integrity bug. An attacker who could...

Microsoft Windows Service Binary Misconfiguration Tester

This document and included Metasploit module analyze the security risks associated with improper Windows service configurations, specifically focusing on writable service binary paths that may lead to privilege escalation. Note that this condition does not occur on a default Windows installation...

SentinelX

SentinelX SentinelX — статический анализатор безопасности...

Uncontrolled Search Path in HunposTagger Allows Untrusted Local Binary Selection in nltk/nltk

This report is not public...

binary-exploitation

binary-exploitation A collection of binary exploitation...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing process of Mach-O binaries, specifically when reading size and count fields such as DataSize, DataOffset, Size, Count, and Length without proper validation. An...

CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

CVE-2026-31961

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

CVE-2026-31961 Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in...

CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval

Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery SSRF vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...

SUSE CVE-2025-69647

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...

SUSE CVE-2025-69648

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...

AutoPwn

/ \ | | | ...