Lucene search

167 matches found

Veracode
added 2025/08/28 8:53 a.m. | 3 views

Arbitrary File Deletion

github.com/ollama/ollama is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of crafted packets sent to the /api/pull endpoint, which allows an attacker to delete arbitrary files...

CVSS 6.6 | AI score 6.8 | EPSS 0.0008
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/08/28 7:17 a.m. | 1 view

MAL-2025-41514 Malicious code in @twork-data-services/proxy-prime-api-v1-account-counters (npm)

AI score 7
Exploits: 0

OpenVAS
added 2025/08/28 12:0 a.m. | 2 views

Ubuntu: Security Advisory (USN-7718-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00066
Exploits: 0 | References: 2

RedHat Linux
added 2025/08/27 9:47 p.m. | 2 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.57 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS 8.7 | AI score 7.5 | EPSS 0.02116
Exploits: 12 | References: 6

Tenable Nessus
added 2025/08/27 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2018-16548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denia...

CVSS 6.5 | AI score 5.7 | EPSS 0.00382
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-39949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper...

CVSS 7.5 | AI score 7.3 | EPSS 0.00116
Exploits: 0 | References: 2

Packet Storm News
added 2025/08/17 12:0 a.m. | 1 view

Passive Hack-Back Strategies for Cyber Attribution: Covert Vectors in Denied Environment

Attributing cyberattacks remains a central challenge in modern cybersecurity, particularly within denied environments where defenders have limited visibility into attacker infrastructure and are restricted by legal or operational rules of engagement. This perspective examines the strategic value ...

AI score 6.9
Exploits: 0

Packet Storm News
added 2025/08/13 12:0 a.m. | 2 views

CISA: FY 2025 State and Local Cybersecurity Grant Program FAQs

Congress established the State and Local Cybersecurity Grant Program (SLCGP) to "award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or Tribal governments." Within the U.S. Department ...

AI score 6.8
Exploits: 0

GithubExploit
added 2025/08/10 11:37 p.m. | 408 views

Exploit for Incorrect Authorization in Qualcomm Aqt1000_Firmware

Please read the following before running anything in this repo...

CVSS 8.6 | AI score 7.5 | EPSS 0.0015
Exploits: 2

OpenVAS
added 2025/08/06 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2025-1731)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 6.7 | EPSS 0.0033
Exploits: 1 | References: 2

GithubExploit
added 2025/08/05 4:22 p.m. | 111 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

🚨 PoC: CVE-2025-32463 – Sudo chroot Escape Vulnerability A...

CVSS 9.3 | AI score 7.7 | EPSS 0.57345
Exploits: 69

GithubExploit
added 2025/08/02 10:41 a.m. | 119 views

Exploit for Relative Path Traversal in Articatech Artica_Proxy

LFI to RCE Exploit via Log Poisoning Python3 exploit for CVE...

CVSS 7.5 | AI score 8.6 | EPSS 0.36545
Exploits: 4

Packet Storm News
added 2025/08/02 12:0 a.m. | 2 views

Think Broad, Act Narrow: CWE Identification with Multi-Agent Large Language Models

Machine learning and large language models (LLMs) for vulnerability detection have received significant attention in recent years. Unfortunately, state-of-the-art techniques show that LLMs are unsuccessful in even distinguishing the vulnerable function from its benign counterpart, due to three main...

AI score 6.7
Exploits: 0

Packet Storm News
added 2025/07/30 12:0 a.m. | 1 view

SHoM: a Mental-Synthesis Trust Management Model for Mitigating Botnet-Driven DDoS Attacks in the Internet of Things

The advantages of IoT in strengthening commercial, industrial, and social ecosystems have led to its widespread expansion. Nevertheless, because endpoint devices have limited computation, storage, and communication capabilities, the IoT infrastructure is vulnerable to several cyber threats. As a...

AI score 7.3
Exploits: 0

Packet Storm News
added 2025/07/28 12:0 a.m. | 1 view

An Open-Source Implementation and Security Analysis of Triad's TEE Trusted Time Protocol

The logic of many protocols relies on time measurements. However, in Trusted Execution Environments (TEEs) like Intel SGX, the time source is outside the Trusted Computing Base: a malicious system hosting the TEE can manipulate that TEE's notion of time, e.g., jumping in time or affecting the...

AI score 7
Exploits: 0

GithubExploit
added 2025/07/23 3:34 p.m. | 126 views

Exploit for Type Confusion in Microsoft

🚨 CVE-2025-30397 – Critical JScript RCE Vulnerability Exploi...

CVSS 7.5 | AI score 7.9 | EPSS 0.20737
Exploits: 7

Packet Storm News
added 2025/07/14 12:0 a.m. | 2 views

OpenBlow Missing Headers

Multiple public deployments of the OpenBlow whistleblowing software lack critical HTTP security headers. These configurations expose users to client-side vulnerabilities including cross site scripting, clickjacking, API misuse, and referer leakage. Given the extreme sensitivity of users...

AI score 6.8
Exploits: 0

GithubExploit
added 2025/07/10 4:4 a.m. | 74 views

cve

...

AI score 7.1
Exploits: 0

Metasploit
added 2025/06/29 6:53 p.m. | 626 views

CVE-2025-33053 Exploit via Malicious .URL File and WebDAV

This module exploits CVE-2025-33053 by generating a malicious .URL file pointing to a trusted LOLBAS binary with parameters designed to trigger unintended behavior. Optionally, a payload is generated and hosted on a specified WebDAV directory. When the victim opens the shortcut, it will attempt t...

CVSS 8.8 | AI score 7.8 | EPSS 0.50282
Exploits: 10

Packet Storm News
added 2025/06/23 12:0 a.m. | 4 views

Robust Anomaly Detection in Network Traffic: Evaluating Machine Learning Models on CICIDS2017

Identifying suitable machine learning paradigms for intrusion detection remains critical for building effective and generalizable security solutions. In this study, we present a controlled comparison of four representative models - Multi-Layer Perceptron (MLP), 1D Convolutional Neural Network (CNN),...

AI score 6.9
Exploits: 0