MalCVE: Malware Detection and CVE Association Using Large Language Models

Malicious software attacks are having an increasingly significant economic impact. Commercial malware detection software can be costly, and tools that attribute malware to the specific software vulnerabilities it exploits are largely lacking. Understanding the connection between malware and the...

CVE-2025-32985

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files...

Rekor 安全漏洞

Rekor is open source software that provides an immutable, tamper-proof ledger for metadata generated in the supply chain of software projects. A security vulnerability exists in versions of Rekor prior to 1.1.1, which stems from reading archived metadata files into memory without first checking t...

Out-of-Band Detection for Log4Shell

Log4j is the de facto logging library for all Java applications, as Log4j is used in most Java-based applications. The challenge is that Java applications that use the log4j-vulnerable library can be coded, packaged, and deployed using different methods – this introduces a challenge for detection...

FireEye - Wormable Remote Code Execution in MIP JAR Analysis

FireEye - Wormable Remote Code Execution in MIP JAR Analysis Source: https://code.google.com/p/google-security-research/issues/detail?id=666 The FireEye MPS Malware Protection System is vulnerable to a remote code execution vulnerability, simply from monitoring hostile traffic. FireEye is designe...

FireEye - Wormable Remote Code Execution in MIP JAR Analysis

Exploit for java platform in category remote exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=666 The FireEye MPS Malware Protection System is vulnerable to a remote code execution vulnerability, simply from monitoring hostile traffic. FireEye is designed to...

FireEye - Wormable Remote Code Execution in MIP JAR Analysis

Source: https://code.google.com/p/google-security-research/issues/detail?id=666 The FireEye MPS Malware Protection System is vulnerable to a remote code execution vulnerability, simply from monitoring hostile traffic. FireEye is designed to operate as a passive network tap, so that it can see all...

OpenJDK: jar directory traversal issues (Tools, 8064601)

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...

OpenJDK: jar directory traversal issues (Tools, 8064601)

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK Pack200 Buffer overflow vulnerability (6792554)

Integer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...

Mozilla -moz-binding property bypasses security checks on codebase principals

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file...