
7028 matches found

RedhatCVE
added 2025/09/25 2:53 a.m. | 4 views

CVE-2024-6429

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

CVSS 4.3 | AI score 7 | EPSS 0.0005
Exploits: 0 | References: 1

Packet Storm News
added 2025/09/25 12:0 a.m. | 3 views

SoK: Potentials and Challenges of Large Language Models for Reverse Engineering

Reverse Engineering (RE) is central to software security, enabling tasks such as vulnerability discovery and malware analysis, but it remains labor-intensive and requires substantial expertise. Earlier advances in deep learning start to automate parts of RE, particularly for malware detection and...

AI score 6.8
Exploits: 0

Vulnrichment
added 2025/09/24 5:7 p.m. | 2 views

CVE-2025-20334

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...

CVSS 8.8 | AI score 7.1 | EPSS 0.00092
Exploits: 0 | References: 1

Cvelist
added 2025/09/24 5:7 p.m. | 10 views

CVE-2025-20334

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...

CVSS 8.8 | EPSS 0.00092
Exploits: 0 | References: 1

CVE
added 2025/09/24 5:7 p.m. | 19 views

CVE-2025-20334

Cisco IOS XE Software HTTP API Command Injection vulnerability (CVE-2025-20334) in the HTTP API subsystem allows an attacker to execute commands with root privileges due to insufficient input validation. A remote attacker with administrative privileges can exploit via an API call with crafted inp...

CVSS 8.8 | AI score 7.1 | EPSS 0.00092
Exploits: 0 | References: 1

Cisco
added 2025/09/24 4:0 p.m. | 10 views

Cisco IOS XE Software HTTP API Command Injection Vulnerability

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...

CVSS 8.8 | AI score 7.6 | EPSS 0.00092
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/24 12:0 a.m. | 5 views

PT-2025-39305

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A flaw exists in the HTTP API subsystem of Cisco IOS XE Software that may allow a remote attacker to inject commands that will execute with root privileges on the underlying...

CVSS 10 | AI score 7 | EPSS 0.00092
Exploits: 0 | References: 11

NVD
added 2025/09/23 5:15 p.m. | 4 views

CVE-2024-6429

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

CVSS 4.3 | EPSS 0.0005
Exploits: 0 | References: 1

OSV
added 2025/09/23 5:15 p.m. | 2 views

CVE-2024-6429

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

CVSS 4.3 | AI score 7
Exploits: 0 | References: 1

Cvelist
added 2025/09/23 4:37 p.m. | 6 views

CVE-2024-6429 Content Spoofing in Multiple WSO2 Products via Error Message Injection

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

CVSS 4.3 | EPSS 0.0005
Exploits: 0 | References: 1

CVE
added 2025/09/23 4:37 p.m. | 13 views

CVE-2024-6429

The CVE-2024-6429 entry describes a content spoofing vulnerability in WSO2 products caused by improper handling/validation of error messages passed through URL parameters, enabling attackers to inject arbitrary UI content and facilitate social-engineering attacks. Affected components include WSO2...

CVSS 4.3 | AI score 6.6 | EPSS 0.0005
Exploits: 0 | References: 1 | Affected Software: 2

Vulnrichment
added 2025/09/23 4:37 p.m. | 2 views

CVE-2024-6429 Content Spoofing in Multiple WSO2 Products via Error Message Injection

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By exploiting this...

CVSS 4.3 | AI score 6.6 | EPSS 0.0005
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/23 12:0 a.m. | 3 views

PT-2025-39178

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: A content spoofing issue arises from improper error message handling. Error messages are passed through URL parameters without validation, potentially allowing attackers to inject...

CVSS 4.3 | AI score 6.3 | EPSS 0.0005
Exploits: 0 | References: 10

CNNVD
added 2025/09/23 12:0 a.m. | 1 view

WSO2 Identity Server Security Vulnerability

WSO2 Identity Server (IS) is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server (IS) that stems from improper handling of error messages and could lead to malicious content injection and social engineering attacks...

CVSS 4.3 | AI score 6.7 | EPSS 0.0005
Exploits: 0 | References: 1

Packet Storm News
added 2025/09/23 12:0 a.m. | 3 views

Semantic-Aware Fuzzing: an Empirical Framework for LLM-Guided, Reasoning-Driven Input Mutation

Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers -- while they effectively explore code paths -- primarily perform byte- or bit-level edits without semantic reasoning. Coverage-guided tools such as AFL+...

AI score 7.2
Exploits: 0

Malwarebytes
added 2025/09/22 2:43 p.m. | 7 views

Beware of Zelle transfer scams

As we have said many times before, falling for a scam can happen to the best of us. And it can ruin lives. In our podcast How a scam hunter got scammed, scam hunter Julie-Anne Kearns talked about how she had been duped by people pretending to be from HMRC, which is the UK’s version of the US...

AI score 6.6
Exploits: 0

Malwarebytes
added 2025/09/22 2:11 p.m. | 4 views

ChatGPT solves CAPTCHAs if you tell it they’re fake

If you’re seeing fewer or different CAPTCHA puzzles in the near future, that’s not because website owners have agreed that they’re annoying, but it might be because they no longer prove that the visitor is human. For those that forgot what CAPTCHA stands for: Completely Automated Public Turing te...

AI score 6.6
Exploits: 0

NVD
added 2025/09/22 8:15 a.m. | 1 view

CVE-2025-5962

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or...

CVSS 7.7 | EPSS 0.00035
Exploits: 0 | References: 4

Gitee
added 2025/09/22 1:44 a.m. | 146 views

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

AI score 6.9
Exploits: 0

Positive Technologies
added 2025/09/22 12:0 a.m. | 5 views

PT-2025-38699

Name of the Vulnerable Software and Affected Versions: Lightspeed (affected versions not specified). Description: A flaw exists in the Lightspeed history service due to insufficient access controls. A local, unprivileged user can access and manipulate the chat history of another user on the same syste...

CVSS 7.7 | AI score 6.7 | EPSS 0.00035
Exploits: 0 | References: 10