FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models LLMs show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and...

A Reality Check on SBOM-Based Vulnerability Management: An Empirical Study and a Path Forward

The Software Bill of Materials SBOM is a critical tool for securing the software supply chain SSC, but its practical utility is undermined by inaccuracies in both its generation and its application in vulnerability scanning. This paper presents a large-scale empirical study on 2,414 open-source...

EUVD-2020-20297

Malware in sbrugna...

EUVD-2023-33231

Malicious code in bioql PyPI...

Malicious code in func-analysis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 183bee92d103b0ab1b31800264af1d8c52406e47e7474caee592609e736c1f1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV-2025-68 UNKNOWN READ in std::__1::__function::__func<cv::PngDecoder::compose_frame

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392318892 Crash type: UNKNOWN READ Crash state: std::1::function::funccv::PngDecoder::composeframe cv::ParallelLoopBodyWrapper::operator cv::ThreadPool::run...

JapsPer pointer undefined vulnerability analysis-vulnerability warning-the black bar safety net

0×01: introduction JapsPer project is an open source project, it provides a method based on the jpeg-2000 part of the standard. This project was originally developed by Image Power and University of British Columbia collaboration. Currently, the ongoing JapsPer software maintenance and developmen...

Linux heap overflow of Fastbin Attack examples detailed explanation-vulnerability warning-the black bar safety net

1. Summary In recent years the large CTF game, see a lot of times pwn the category title appears in the fastbin attack of the case, such as this year's defcon, the RCTF, the fat Hubble Cup, 0CTF final, etc., fastbin attack is a heap exploits are common, easy-to-use and effective attack, in the...

FineCMS controllers\ApiController.php function downAction arbitrary File Download

Vulnerability file in D:\wamp\www\controllers\ApiController. in php downAction function / Download the file / public function downAction $data = fnauthcodebase64decode$this-get'file', 'DECODE'; $file = isset$data'finecms' && $data'finecms' ? $data'finecms' : "; if empty$file...

A simple analysis of an upload function upload vulnerability break-vulnerability warning-the black bar safety net

Function fnUploadImgByVal upFile As HttpPostedFile, ByVal uploadPath As String As String Dim result As String = "" Dim intImgSize As Int32 intImgSize = upFile. ContentLength If intImgSize 0 Then If intImgSize 5 0 0 0 0 0 Then result = "images too large" Return result Exit Function End If Dim...

超级巡警 &lt;= v4 Build0316 ASTDriver.sys 本地特权提升漏洞

该漏洞是我2010年4月6日晚上，通过自己的IoControl Fuzz工具挖掘的。漏洞存在于超级巡警ASTDriver.sys这个驱动中，影响超级巡警v4 Build0316和以前的版本。利用该漏洞能够实现本地特权提升，进Ring0。 PAGEFAULTINNONPAGEDAREA 50 Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad ...