Lucene search
K

1517 matches found

Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.2 views

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

9.8CVSS5.6AI score0.47621EPSS
Exploits7
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.8 views

Following Dragons: Code Review-Guided Fuzzing

Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or overshadowed by lower-value paths that consume limited fuzzing...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.2 views

SAFuzz: Semantic-Guided Adaptive Fuzzing for LLM-Generated Code

While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic awareness of algorithmic vulnerability patterns, leading...

5.6AI score
Exploits0
OSV
OSV
added 2026/02/09 12:15 a.m.6 views

OSV-2026-212 UNKNOWN READ in gpsd_poll

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=482617785 Crash type: UNKNOWN READ Crash state: gpsdpoll FuzzDriversStructured.c...

5.4AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.4 views

DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-Hosted Monolithic Firmware Fuzzing

The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains difficult due to the tight coupling of code with a...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/07 9:8 p.m.152 views

fuzzing-portfolio-project

Fuzzing Portfolio Project: Heap Overflow Discovery Author:...

6.1AI score
Exploits0
OSV
OSV
added 2026/02/07 12:3 a.m.4 views

OSV-2026-205 UNKNOWN READ in gpsd_poll

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481932457 Crash type: UNKNOWN READ Crash state: gpsdpoll FuzzDrivers.c...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/02/06 12:6 a.m.6 views

OSV-2026-196 Null-dereference READ in ubsan_GetStackTrace

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481752521 Crash type: Null-dereference READ Crash state: ubsanGetStackTrace...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/02/04 12:5 a.m.3 views

OSV-2026-189 Global-buffer-overflow in gpsd_poll

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=480975802 Crash type: Global-buffer-overflow READ 1 Crash state: gpsdpoll FuzzDriversStructured.c...

5.3AI score
Exploits0References1
OSV
OSV
added 2026/02/02 12:20 a.m.5 views

OSV-2026-177 Security exception in org.apache.poi.util.IOUtils.safelyAllocate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479908886 Crash type: Security exception Crash state: org.apache.poi.util.IOUtils.safelyAllocate org.apache.poi.hssf.record.RecordInputStream.readRemainder org.apache.poi.hssf.record.UnknownRecord...

5.4AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/02 12:0 a.m.17 views

SysFuSS: System-Level Firmware Fuzzing with Selective Symbolic Execution

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach for identifying design flaws and security vulnerabilities,...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/31 9:12 a.m.11 views

CVE-2025-1395

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...

8.2CVSS5.9AI score0.00299EPSS
Exploits0References1
OSV
OSV
added 2026/01/31 12:10 a.m.3 views

OSV-2026-166 Use-of-uninitialized-value in ntrip_parse_url

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=479908873 Crash type: Use-of-uninitialized-value Crash state: ntripparseurl FuzzClient.c...

5.3AI score
Exploits0References1
NVD
NVD
added 2026/01/30 9:15 a.m.7 views

CVE-2025-1395

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...

8.2CVSS0.00299EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/30 8:31 a.m.3 views

CVE-2025-1395

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...

8.2CVSS5.4AI score0.00299EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/30 8:31 a.m.30 views

CVE-2025-1395 Sensitive Data Exposure in CoDeriApp's HeyGarson

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...

8.2CVSS0.00299EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/30 8:31 a.m.5 views

CVE-2025-1395 Sensitive Data Exposure in CoDeriApp's HeyGarson

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...

8.2CVSS5.4AI score0.00299EPSS
Exploits0References2
CVE
CVE
added 2026/01/30 8:31 a.m.16 views

CVE-2025-1395

The CVE-2025-1395 entry describes a vulnerability in Codriapp Innovation and Software Technologies Inc.’s HeyGarson where error messages may expose sensitive information. The issue is triggered by fuzzing for application mapping and affects HeyGarson up to 30012026. The available connected docume...

8.2CVSS5.4AI score0.00299EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/30 8:31 a.m.6 views

EUVD-2025-206579

Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proces...

8.2CVSS5.9AI score0.00299EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.4 views

Rust and Go Directed Fuzzing with LibAFL-DiFuzz

In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying stati...

5.5AI score
Exploits0
Rows per page
Query Builder