MalwarePT: A Binary-Level Foundation Model for Malware Analysis

Automated malware analysis increasingly relies on machine learning, yet most existing methods remain task-specific and depend on handcrafted features or narrowly scoped models. Recent developments in binary-level foundation models suggest a path toward reusable program representations, but their...

PT-2026-3893

Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description sm-crypto, a JavaScript library providing implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a flaw in the SM2 decryption logic. An attacker can recover the private ke...

CVE-2025-10569

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...

CVE-2025-41090

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...

CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from repeated undisclosed API calls that could cause the Traffic Management Microkerne...

EUVD-2022-43035

Malicious code in bioql PyPI...

CVE-2025-9321

The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'apirequests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute cod...

On Automating Security Policies with Contemporary LLMs

The complexity of modern computing environments and the growing sophistication of cyber threats necessitate a more robust, adaptive, and automated approach to security enforcement. In this paper, we present a framework leveraging large language models LLMs for automating attack mitigation policy...

CVE-2022-41589

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability...

CVE-2022-3676

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from a possible memory corruption when processing NPU API calls with invalid inputs if the inputs are not validated...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a vulnerability in which interface calls are not verified. It affects device...

CVE-2022-45636

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock models without authorization via arbitrary API requests...

SUSE CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service uninitialized-memory read and...

SUSE CVE-2022-3676

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type...

CVE-2022-3676

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type...

PT-2022-23611 · Eclipse +1 · Eclipse Openj9 +1

Name of the Vulnerable Software and Affected Versions: Eclipse Openj9 versions prior to 0.35.0 Description: The issue allows malicious bytecode to potentially access or modify memory via an incompatible type due to the inlining of interface calls without a runtime type check. Recommendations: For...

Huawei HarmonyOS Denial of Service Vulnerability

Huawei HarmonyOS is an operating system from Huawei, China. It provides a microkernel-based distributed operating system. A denial-of-service vulnerability exists in the Huawei HarmonyOS DFX Deployment Stack module interface calls, which can be exploited by attackers to launch denial-of-service...

CVE-2020-14126

Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information...