324 matches found
React-Zero-Day-Exploit-Laboratory
🚨 React Zero-Day Exploit Laboratory Interactive Secur...
AZL-71513 CVE-2025-65637 affecting package containerized-data-importer for versions less than 1.62.0-1
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
AZL-71566 CVE-2025-65637 affecting package containerized-data-importer for versions less than 1.55.0-27
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
Wazuh 4.14.1
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.62.0: Release notes:...
AZL-69134 CVE-2025-58183 affecting package containerized-data-importer for versions less than 1.57.0-17
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
AZL-69033 CVE-2025-58183 affecting package containerized-data-importer for versions less than 1.55.0-26
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.57.0-16
CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.57.0-16. A patched version of the package is available...
Wazuh 4.14.0
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.55.0-25
CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.55.0-25. A patched version of the package is available...
EUVD-2019-2203
Malware in sbrugna...
EUVD-2020-17356
Malware in sbrugna...
EUVD-2020-4198
Malware in sbrugna...
EUVD-2021-24598
Malware in sbrugna...
EUVD-2024-28328
Malicious code in bioql PyPI...
Automated Vulnerability Validation and Verification: A Large Language Model Approach
Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior limits effective vulnerability assessment and mitigation. This...
Wazuh 4.13.0
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
VulnRepairEval: an Exploit-Based Evaluation Framework for Assessing Large Language Model Vulnerability Repair Capabilities
The adoption of Large Language Models (LLMs) for automated software vulnerability patching has shown promising outcomes on carefully curated evaluation sets. Nevertheless, existing datasets predominantly rely on superficial validation methods rather than exploit-based verification, leading to...
AZL-66720 CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.55.0-25
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
A.S.E: a Repository-Level Benchmark for Evaluating Security in AI-Generated Code
The increasing adoption of large language models (LLMs) in software engineering necessitates rigorous security evaluation of their generated code. However, existing benchmarks are inadequate, as they focus on isolated code snippets, employ unstable evaluation methods that lack reproducibility, and...