Beyond Code Reasoning: A Specification-Anchored Audit Framework for Expert-Augmented Security Verification

Security-critical software is routinely audited by tools that reason about vulnerabilities as repository-local code patterns. Yet specification-governed systems -- protocol stacks, consensus implementations, cryptographic libraries -- are constrained by invariants and correctness conditions defin...

UBUNTU-CVE-2026-2297

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handlers for this audit event therefore do not fire...

EUVD-2006-0821

Malware in sbrugna...

EUVD-2000-0667

Malware in sbrugna...

EUVD-2005-2850

Malware in sbrugna...

EUVD-2022-4608

Malicious code in bioql PyPI...

A Bootiful Podcast: Marit van Dijk, Jetbrains Developer Advocate

Jetbrains Developer Advocate Marit van Dijk on reading code, IntelliJ IDEA, and more...

Make calculation using 1e18 but protocol allows tokens with different scale

Lines of code Vulnerability details Impact Make calculation using 1e18 but protocol allows tokens with different scale. Proof of Concept Method: Calculation: Factory: Here in factory user can add tokens with scale from 6 to 18. Tools Used Static analytics Code reading Recommended Mitigation Steps...

First depositor can break share minting

Lines of code Vulnerability details Impact Users will be unable to deposit their wished amount of tokens. Proof of Concept Similar to this ToB yearn audit, an attacker can mint a very small amount of shares and transfer a large amount of WETH to the contract, inflating the share price and making ...

GHSA-PV55-R6J3-WP94 Malicious Package in eslint-config-eslint

Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to a remote server. Recommendation The best course of action if you found this package installed i...

Design/Logic Flaw

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next...

CVE-2010-1587

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // slash slash initial substring in a URI for 1 admin/index.jsp, 2 admin/queues.jsp, or 3 admin/topics.jsp...

CVE-2002-0300

CVE-2002-0300 affects gnujsp 1.0.0 and 1.0.1. The vulnerability allows remote attackers to list directories, read the source code of certain scripts, and bypass access restrictions by directly requesting a target file from the gnujsp servlet; the issue stems from a limitation of JServ and the ser...

CVE-2002-0441

Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. dot dot in the cwd parameter...

CVE-2002-1451

Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a 1 "+" or 2 "" backslash character...

CVE-2002-1025

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed...

CVE-2001-0004

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability...

CVE-2000-0396

The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files...