15 matches found

OSV
added 2026/03/31 11:31 p.m. | 0 views

GHSA-J48Q-4C78-RHF9 openssl-encrypt: Dynamic .so loading for Whirlpool uses broad glob pattern without integrity verification

Severity: HIGH Summary The Whirlpool hash implementation in opensslencrypt/modules/registry/hashregistry.py at lines 570-589 uses glob patterns to find .so modules in site-packages and loads the first match via importlib without verifying module integrity. Affected Code python for sitepkg in...

CVSS: 8.7 | AI score: 5.9
Exploits: 0 | References: 3

Trellix
added 2026/02/12 12:0 a.m. | 14 views

The Bug Report - January 2026 Edition

The Bug Report – January 2026 Edition By Jonathan Omakun · February 12, 2026 Why am I here? Welcome back to The Bug Report, the post-holiday edition, where we realize that while our resolutions to "go to the gym" have already failed, hackers’ resolutions to "break everything" are going strong. Fo...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.91526
Exploits: 68

Packet Storm
added 2025/12/18 12:0 a.m. | 139 views

Keras 2.15 Insecure Deserialization

Keras version 2.15 insecure deserialization proof of concept exploit. A security issue in certain versions of Keras allows attackers to craft a malicious model file typically a .keras or HDF5-based model containing unsafe serialization primitives. When such a model is loaded, the deserialization...

CVSS: 4.8 | AI score: 4.7 | EPSS: 0.00191
Exploits: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-0357

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.00455
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/22 5:23 p.m. | 3 views

CVE-2020-11127

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVSS: 7.8 | AI score: 8.1 | EPSS: 0.00035
Exploits: 0 | References: 1

Ubuntu
added 2024/08/06 4:18 p.m. | 376 views

USN-6945-1: wpa_supplicant and hostapd vulnerability

Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00306
Exploits: 1 | References: 1

SUSE CVE
added 2023/02/15 5:47 a.m. | 2 views

SUSE CVE-2012-1973

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denia...

CVSS: 10 | AI score: 9.3 | EPSS: 0.04246
Exploits: 0 | References: 7

NVD
added 2017/11/17 4:29 a.m. | 10 views

CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.00455
Exploits: 0 | References: 1

UbuntuCve
added 2017/11/17 4:29 a.m. | 17 views

CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00455
Exploits: 0 | References: 2

Cvelist
added 2017/11/17 4:0 a.m. | 10 views

CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

AI score: 9.5 | EPSS: 0.00455
Exploits: 0 | References: 1

Debian CVE
added 2017/11/17 4:0 a.m. | 15 views

CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

CVSS: 9.8 | AI score: 2.6 | EPSS: 0.00455
Exploits: 0

Talos Blog
added 2017/08/09 8:41 a.m. | 102 views

WinDBG and JavaScript Analysis

This blog was authored by Paul Rascagneres. Introduction: JavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use...

AI score: 7.1
Exploits: 0

RedHat Linux
added 2012/08/29 4:38 a.m. | 4 views

Mozilla: Multiple Use-after-free issues (MFSA 2012-58)

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denia...

CVSS: 10 | AI score: 7.8 | EPSS: 0.04246
Exploits: 0 | References: 4

seebug.org
added 2011/11/15 12:0 a.m. | 10 views

Firefox 8.0 Null Pointer Dereference PoC

No description provided by source. Firefox = 8.0 null pointer dereference PoC exploit Author: 0in Maksymilian Motyl Tested on Firefox 8.0/4.0 on windows and Firefox 7.1 on Linux Lets see in code: $ cat ./mozilla-release/content/base/src/nsObjectLoadingContent.cpp NSIMETHODIMP...

AI score: 7.1
Exploits: 0

Packet Storm
added 2011/11/14 12:0 a.m. | 16 views

Mozilla Firefox 8.0 Null Pointer Dereference

Firefox GetStatus&status; // Code execution is here. // --------------------------------------------------------------------------------- DUMP: 014E7A28 8B7D 08 MOV EDI,DWORD PTR SS:EBP+8 014E7A2B 8B07 MOV EAX,DWORD PTR DS:EDI ; access violation when reading 0x00000000 014E7A2D 8D4D FC LEA...

AI score: 0.4
Exploits: 0