CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation

Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

PT-2025-5593 · Unknown · Pwn.College

Name of the Vulnerable Software and Affected Versions: pwn.college affected versions not specified Description: The issue is related to incorrect symlink checks on user-specified dojos, allowing users to perform a Local File Inclusion LFI from the CTFd container without requiring admin privileges...

PT-2024-17206 · Ctfd · Ctfd

Name of the Vulnerable Software and Affected Versions: CTFd versions 3.7.0 through 3.7.4 Description: A flaw in logic implementation in CTFd allows an authenticated user to reset their team assignment and join another team while a competition is ongoing. This issue impacts releases from 3.7.0 up ...

CTFd 安全漏洞

CTFd is a Capture The Flag framework open-sourced by CTFd. A security vulnerability exists in CTFd versions 2.0.0 through 3.7.2, which stems from a lack of privilege modification that allows an authenticated user to retrieve a list of users who have resolved a challenge, regardless of account...