PT-2026-41417
Claude Mythos Preview case studies also, read your transcripts! https://t.co/drNlAH5mLE "Mythos demonstrates its bug reproduction and exploitation capabilities on CVE-2024-051912, an in-the-wild exploited bug that has no public report nor a working PoC whatsoever in the public domain. This bug ha...
CVE-2024-42103
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from...
RUSTSEC-2023-0047 impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue has several unsoundness issues. First, it allows arbitrary bytes to be reinterpreted as a bool, so a safe function can trigger undefined behavior. Second, it allows transmuting a pointer without taking the memory layout into consideration. The details of...
Cross-site Scripting (XSS) - Stored in yourls/yourls
✍️ Description: stored XSS 🕵️♂️ Proof of Concept: please check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing 💥 Impact: Stored XSS allows executing arbitrary JavaScript code...
uafuzz
This is an offensive tool for binary analysis. The repository, cherrywb/uafuzz, is a directed fuzzer dedicated to Use-After-Free (UAF) bugs at the binary level. It aims to detect UAF bugs, which occur when a heap object is used after it has been freed. The tool uses a combination of static...
UAFuzz - Binary-level Directed Fuzzing For Use-After-Free Vulnerabilities
Directed Greybox Fuzzing (DGF), such as AFLGo, aims to stress-test pre-selected, potentially vulnerable target locations, with applications in different security contexts: (1) bug reproduction, (2) patch testing, or (3) static analysis report verification. There has recently been more research work tha...
ffmpeg:ffmpeg_dem_OBU_fuzzer: Stack-buffer-overflow in get_bits
Project: https://git.ffmpeg.org/ffmpeg.git Detailed Report: https://oss-fuzz.com/testcase?key=5128116420476928 Project: ffmpeg Fuzzing Engine: honggfuzz Fuzz Target: ffmpeg_dem_OBU_fuzzer Job Type: honggfuzz_asan_ffmpeg Platform Id: linux Crash Type: Stack-buffer-overflow READ 4 Crash Address:...
pcapplusplus:FuzzTarget: Heap-buffer-overflow in pcpp::tbp_my_own_strnlen
Project: https://github.com/seladb/PcapPlusPlus.git Detailed Report: https://oss-fuzz.com/testcase?key=5669109772845056 Project: pcapplusplus Fuzzing Engine: libFuzzer Fuzz Target: FuzzTarget Job Type: libfuzzer_asan_pcapplusplus Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...
njs:njs_process_script_fuzzer: Use-of-uninitialized-value in njs_dprint
Project: http://hg.nginx.org/njs Detailed Report: https://oss-fuzz.com/testcase?key=5682261708242944 Project: njs Fuzzing Engine: libFuzzer Fuzz Target: njs_process_script_fuzzer Job Type: libfuzzer_msan_njs Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: njs_dprin...
binutils:fuzz_disassemble: Stack-buffer-overflow in get_indirect_operand
Detailed Report: https://oss-fuzz.com/testcase?key=5663912053178368 Project: binutils Fuzzing Engine: afl Fuzz Target: fuzz_disassemble Job Type: afl_asan_binutils Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 1 Crash Address: 0x7f4f3e03ae5a Crash State: get_indirect_operand print_two_opera...
graphicsmagick:coder_TIFF_fuzzer: Use-of-uninitialized-value in TIFFYCbCrtoRGB
Project: http://hg.code.sf.net/p/graphicsmagick/code Detailed Report: https://oss-fuzz.com/testcase?key=5681613295321088 Project: graphicsmagick Fuzzing Engine: libFuzzer Fuzz Target: coder_TIFF_fuzzer Job Type: libfuzzer_msan_graphicsmagick Platform Id: linux Crash Type: Use-of-uninitialized-value...
readstat/fuzz_format_spss_commands: Stack-buffer-overflow in readstat_copy_quoted
Project: https://github.com/WizardMac/ReadStat.git Detailed report: https://oss-fuzz.com/testcase?key=5701415210582016 Project: readstat Fuzzer: libFuzzer_readstat_fuzz_format_spss_commands Fuzz target binary: fuzz_format_spss_commands Job Type: libfuzzer_asan_readstat Platform Id: linux Crash Type:...
Brave Software: Clickjacking or URL Masking
I am able to reproduce the bug in: Brave: 0.13.2 rev: 25b1199fb6154b089cbad37926483239495b9800 Muon: 2.0.19 libchromiumcontent: 54.0.2840.100 V8: 5.4.500.41 Node.js: 7.0.0 Update Channel: dev os.platform: win32 os.release: 6.1.7601 os.arch: x64 Steps to reproduce: 1. Open click.html 2. Then try...
Sucuri: Open Redirect in unmask.sucuri.net
You can reproduce this bug from the following URL: http://unmask.sucuri.net/%0a.example.com/ Could you confirm this bug? Thanks!...
Facebook Stands By Bug Disclosure Policy, Patches Wall Bug
A member of Facebook’s security team acknowledged over the weekend that the group could have taken further steps to verify a vulnerability initially brought to their attention by an independent security researcher last week but that the company largely adhered to its bug disclosure policy. That...
DJ Studio Pro 4.2 (.PLS file) Local Crash Exploit
No description provided by source. #!/usr/bin/perl -w DJ Studio Pro 4.2 .PLS file Crash Vulnerability Exploit Found and exploited by prodigy Contact: [email protected] Vendor: http://www.e-soft.co.uk/ Usage to reproduce the bug: once you have created the malicious file, load the file and...