Linux Distros Unpatched Vulnerability : CVE-2021-41041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a...

Linux Distros Unpatched Vulnerability : CVE-2019-16943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

PT-2025-34107 · Undefined · Undefined

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...

Linux Distros Unpatched Vulnerability : CVE-2019-16942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)

The version of Apache CXF installed on the remote host is affected by remote code execution vulnerability. If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restrict...

CVE-2025-48913

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration. Mitigation To reduce risk,...

Apache CXF: Untrusted JMS configuration can lead to RCE

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...

PT-2025-32329

Name of the Vulnerable Software and Affected Versions Apache CXF versions 3.6.8, 4.0.9, and 4.1.3 Description The software allows untrusted users to configure JMS, which previously permitted the use of RMI or LDAP URLs. This could potentially lead to code execution. The interface is now restricte...

ROS-20250806-05

A vulnerability in the Job Invocation component of tfm-rubygem-foremanansible is related to data manipulation. Exploitation of the vulnerability could allow an attacker acting remotely to view the job invocation, searching for passwords and other sensitive data...

JavaDeserH2HC

This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...

CVE-2025-38186

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix double invocation of bnxtulpstop/bnxtulpstart Before the commit under the Fixes tag below, bnxtulpstop and bnxtulpstart were always invoked in pairs. After that commit, the new bnxtulprestart can be invoked after...

SUSE CVE-2025-38186

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix double invocation of bnxtulpstop/bnxtulpstart Before the commit under the Fixes tag below, bnxtulpstop and bnxtulpstart were always invoked in pairs. After that commit, the new bnxtulprestart can be invoked after...

DEBIAN-CVE-2025-38186

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix double invocation of bnxtulpstop/bnxtulpstart Before the commit under the Fixes tag below, bnxtulpstop and bnxtulpstart were always invoked in pairs. After that commit, the new bnxtulprestart can be invoked after...

CVE-2025-38186 bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix double invocation of bnxtulpstop/bnxtulpstart Before the commit under the Fixes tag below, bnxtulpstop and bnxtulpstart were always invoked in pairs. After that commit, the new bnxtulprestart can be invoked after...

CVE-2025-38186 bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix double invocation of bnxtulpstop/bnxtulpstart Before the commit under the Fixes tag below, bnxtulpstop and bnxtulpstart were always invoked in pairs. After that commit, the new bnxtulprestart can be invoked after...

CVE-2025-1701

CVE-2025-1701 affects MIM Admin Service prior to 7.2.13, 7.3.8, or 7.4.3. The issue allows a local attacker with access to the RMI interface (bound to 127.0.0.1) to send a specially crafted request and execute arbitrary code with the privileges of the MIM Admin service. The RMI surface is locally...

MIM Admin Service 安全漏洞

MIM Admin Service is a service component for centralized management of identity and access rights from MIM USA. A security vulnerability exists in MIM Admin Service versions prior to 7.2.13, prior to 7.3.8, and prior to 7.4.3, which stems from improper handling of the RMI interface and could lead...

CVE-2025-21485

Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC...

Improving LLM Agents with Reinforcement Learning on Cryptographic CTF Challenges

Large Language Models LLMs still struggle with the structured reasoning and tool-assisted computation needed for problem solving in cybersecurity applications. In this work, we introduce "random-crypto", a cryptographic Capture-the-Flag CTF challenge generator framework that we use to fine-tune a...

CVE-2023-26455

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...