Lucene search
K

1517 matches found

Packet Storm News
Packet Storm News
added 2026/04/01 12:0 a.m.2 views

Enhancing REST API Fuzzing with Access Policy Violation Checks and Injection Attacks

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes e.g., 500 HTTP server error status code. However, security vulnerabilities can have major drastic consequences...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/28 3:54 p.m.233 views

penclaw

🦀 PenClaw AI-powered penetration testing CLI. One command...

6AI score
Exploits0
OSV
OSV
added 2026/03/25 12:20 a.m.7 views

OSV-2026-455 UNKNOWN READ in mkv::matroska_segment_c::TrackInit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=495498906 Crash type: UNKNOWN READ Crash state: mkv::matroskasegmentc::TrackInit mkv::matroskasegmentc::TrackInit mkv::matroskasegmentc::ParseTrackEntry...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/25 12:0 a.m.6 views

XSStrike 3.1.6

XSStrike is a cross site scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.4 views

Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs

Large Language ModelsLLMs are widely deployed, yet are vulnerable to jailbreak prompts that elicit policy-violating outputs. Although prior studies have uncovered these risks, they typically treat all tokens as equally important during prompt mutation, overlooking the varying contributions of...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.13 views

Auditing MCP Servers for Over-Privileged Tool Capabilities

The Model Context Protocol MCP has emerged as a standard for connecting Large Language Models LLMs to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/19 12:0 a.m.3 views

Weaver: Fuzzing JavaScript Engines at the JavaScript-WebAssembly Boundary

The security of modern JavaScript JS engines is critical since they provide the primary defense mechanism for executing untrusted code on the web. The recent integration of WebAssembly Wasm has transformed these engines into complex polyglot environments, creating a novel attack surface at the...

6AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/03/18 6:16 p.m.5 views

CVE-2026-23265

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in read,writeendio ----------- cut here ------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blkupdaterequest+0x5eb/0xe70 block/blk-mq.c:987 blkmqendrequest+0x3e/0x70...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.1 views

Hunting CUDA Bugs at Scale with cuFuzz

GPUs play an increasingly important role in modern software. However, the heterogeneous host-device execution model and expanding software stacks make GPU programs prone to memory-safety and concurrency bugs that evade static analysis. While fuzz-testing, combined with dynamic error checking tool...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/13 12:0 a.m.3 views

American Fuzzy Lop plus plus 4.40c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/12 12:17 a.m.6 views

OSV-2026-386 Use-of-uninitialized-value in pcpp::byteArrayToHexString

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=491288647 Crash type: Use-of-uninitialized-value Crash state: pcpp::byteArrayToHexString pcpp::PacketTrailerLayer::toString FuzzTarget.cpp...

5.4AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.10 views

ChainFuzzer: Greybox Fuzzing for Workflow-Level Multi-Tool Vulnerabilities in LLM Agents

Tool-augmented LLM agents increasingly rely on multi-step, multi-tool workflows to complete real tasks. This design expands the attack surface, because data produced by one tool can be persisted and later reused as input to another tool, enabling exploitable source-to-sink dataflows that only...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/09 12:0 p.m.4 views

RUSTSEC-2026-0037 Denial of service in Quinn endpoints

Receiving QUIC transport parameters containing invalid values could lead to a panic. Unfortunately the maintainers did not properly assess usage of unwrap calls in the transport parameters parsing code, and we did not have sufficient fuzzing coverage to find this issue. We have since added a...

8.7CVSS5.8AI score0.005EPSS
Exploits0References3
RustSec
RustSec
added 2026/03/09 12:0 p.m.9 views

Denial of service in Quinn endpoints

Receiving QUIC transport parameters containing invalid values could lead to a panic. Unfortunately the maintainers did not properly assess usage of unwrap calls in the transport parameters parsing code, and we did not have sufficient fuzzing coverage to find this issue. We have since added a...

8.7CVSS5.8AI score0.005EPSS
Exploits0Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.7 views

Coverage-Guided Multi-Agent Harness Generation for Java Library Fuzzing

Coverage-guided fuzzing has proven effective for software testing, but targeting library code requires specialized fuzz harnesses that translate fuzzer-generated inputs into valid API invocations. Manual harness creation is time-consuming and requires deep understanding of API semantics,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.3 views

OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security

DARPA's AI Cyber Challenge AIxCC showed that cyber reasoning systems CRSs can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/08 2:31 a.m.201 views

Plasma

Plasma !Pythonhttps://img.shields.io/badge/python-3.10%2B-...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/06 12:0 a.m.4 views

SemFuzz: A Semantics-Aware Fuzzing Framework for Network Protocol Implementations

Network protocols are the foundation of modern communication, yet their implementations often contain semantic vulnerabilities stemming from inadequate understanding of specification semantics. Existing gray-box and black-box testing approaches lack semantic modeling of protocols, making it...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/05 12:0 a.m.4 views

Adobe SDK 1.7.1 2410 Overflow Analysis / Fuzzing Model

This Python script implements a comprehensive framework to model, detect, and analyze integer overflows in 32-bit arithmetic, particularly in the context of image memory allocation. The framework combines formal methods, stepwise arithmetic, symbolic execution, SMT-style constraint solving,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/05 12:0 a.m.3 views

Challenges and Design Considerations for Finding CUDA Bugs through GPU-Native Fuzzing

Modern computing is shifting from homogeneous CPU-centric systems to heterogeneous systems with closely integrated CPUs and GPUs. While the CPU software stack has benefited from decades of memory safety hardening, the GPU software stack remains dangerously immature. This discrepancy presents a...

5.8AI score
Exploits0
Rows per page
Query Builder