offsec-skills

offsec-exploit-research Elite adaptive whitebox exploit resea...

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

CVE-2025-33243

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2023-49247

Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2023-4566

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

EUVD-2025-20177

Malicious code in bioql PyPI...

EUVD-2025-6864

Malicious code in bioql PyPI...

Why Observability Tools Tend to Fail at Scale

Observability is no longer just about catching errors or checking if a server is up. In modern distributed systems, it’s about understanding behavior across dozens, if not thousands, of services, all running in different environments and generating massive amounts of data...

Microsoft Service Fabric 后置链接漏洞

Microsoft Service Fabric is a set of distributed systems platform from Microsoft USA. The platform is primarily used for packaging, deploying, and managing microservices and containers. Microsoft Service Fabric suffers from a backlink vulnerability. An attacker can exploit the vulnerability to...

LIFT: Automating Symbolic Execution Optimization with Large Language Models for AI Networks

Dynamic Symbolic Execution DSE is a key technique in program analysis, widely used in software testing, vulnerability discovery, and formal verification. In distributed AI systems, DSE plays a crucial role in identifying hard-to-detect bugs, especially those arising from complex network...

HexaMorphHash HMH - Homomorphic Hashing for Secure and Efficient Cryptographic Operations in Data Integrity Verification

In the realm of big data and cloud computing, distributed systems are tasked with proficiently managing, storing, and validating extensive datasets across numerous nodes, all while maintaining robust data integrity. Conventional hashing methods, though straightforward, encounter substan tial...

GHSA-X3M8-F7G5-QHM7 vLLM Allows Remote Code Execution via Mooncake Integration

Summary When vLLM is configured to use Mooncake, unsafe deserialization exposed directly over ZMQ/TCP will allow attackers to execute remote code on distributed hosts. Details 1. Pickle deserialization vulnerabilities are well documented. 2. The mooncake pipe is exposed over the network by design...

Taming API Sprawl: Best Practices for API Discovery and Management

APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased...

CVE-2023-52109

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2023-52109

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

Apache Kafka’s Exactly-Once Semantics in Spring Cloud Stream Kafka Applications

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...

Apache Hadoop code issue vulnerability

Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data, and is highly reliable, scalable, and fault-tolerant.Apache Hadoop YARN has a security vulnerability that stems from the option...

Apache Hadoop Elevation of Privilege Vulnerability (CNVD-2022-51055)

Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. an elevation of privilege vulnerability exists in Apache Hadoop, which ste...

How to transform your revolutionary idea into a reality: $100K Nokia Bell Labs Prize

Revolutionary ideas in science, technology, engineering, and mathematics don't occur every day. But when those "eureka" moments happen, we need to provide a forum to explore those ideas, judge them on their merits, and distinguish the extraordinary from the merely good. Once a year, Nokia Bell La...

[SECURITY] Fedora 29 Update: nng-1.0.1-2.fc29

nng nanomsg next generation is a socket library that provides several common communication patterns. It aims to make the networking layer fast, scalable, and easy to use. Implemented in C, it works on a wide range of operating systems with no further dependencies. The communication patterns, also...