ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...

denuOwO-hypervisor-vulnerabilities

DenuOwO SVM/VMX Hypervisor — 6 Vulnerabilities PoC + Analysis...

BinExploit-Bench

BinExploit-Bench: Binary Exploitation Capability Benchmark for...

CVE-2025-62410

In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads ...

EUVD-2018-11339

Malware in sbrugna...

EUVD-2017-2849

Malware in sbrugna...

EUVD-2018-10951

Malware in sbrugna...

EUVD-2017-7561

Malware in sbrugna...

EUVD-2020-17083

Malware in sbrugna...

EUVD-2018-10949

Malware in sbrugna...

EUVD-2021-33139

Malicious code in bioql PyPI...

EUVD-2023-47907

Malicious code in bioql PyPI...

EUVD-2023-42383

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-13991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. CVE-2020-13991 Note that Nessus relies on the presen...

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

CVE-2024-54809

Netgear Inc WNR854T 1.5.2 North America contains a stack-based buffer overflow vulnerability in the parsestheader function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take contr...

Linux Distros Unpatched Vulnerability : CVE-2018-19655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to...

Stack overflow

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin commandwb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication...

PT-2023-26568 · Pjsip +2 · Pjsip +2

Name of the Vulnerable Software and Affected Versions: PJSIP affected versions not specified Description: The issue affects applications that have SRTP capability PJMEDIA HAS SRTP is set and use underlying media transport other than UDP. A higher level transport is not synchronized with its lower...

SUSE CVE-2018-19655

A stack-based buffer overflow in the findgreen function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file...