1143 matches found

NVD
• added 2026/01/22 4:15 a.m. • 2 views

CVE-2026-24037

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

5.4 CVSS, 0.00018 EPSS
Exploits: 1, References: 2

CNNVD
• added 2026/01/22 12:0 a.m. • 2 views

Seroval security vulnerabilities

Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities. These vulnerabilities arise from the possibility of exhausting memory or causing denial-of-service attacks when custom RegEx patterns are deserialized...

7.5 CVSS, 5.8 AI score, 0.00068 EPSS
Exploits: 0, References: 4

Packet Storm News
• added 2026/01/20 12:0 a.m. • 2 views

An Empirical Study on Remote Code Execution in Machine Learning Model Hosting Ecosystems

Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the flexibility of these ecosystems introduces a critical security...

6.3 AI score
Exploits: 0

CNNVD
• added 2026/01/15 12:0 a.m. • 2 views

libxml2 security vulnerability

Libxml2 is an open-source library from GNOME that is used for parsing XML documents. It is written in C language and can be called by various languages, such as C, C++, and XSH. Libxml2 has a security vulnerability; this vulnerability stems from the RelaxNG parser's failure to limit the depth of...

3.7 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 3

Veracode
• added 2026/01/14 6:59 a.m. • 4 views

Improper Validation

github.com/elastic/beats are vulnerable to Improper Validation. The vulnerability is due to insufficient validation of indexes, positions, or offsets in input handling, which allows an attacker to trigger a buffer overflow by sending a malformed Syslog message or a malicious Dissect tokenizer...

6.5 CVSS, 7.4 AI score, 0.00031 EPSS
Exploits: 0, References: 5, Affected Software: 1

Packet Storm News
• added 2026/01/12 12:0 a.m. • 0 views

YARA-X 1.11.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

6.8 AI score
Exploits: 0

NVD
• added 2026/01/08 3:15 p.m. • 2 views

CVE-2026-22041

Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...

5.3 CVSS, 0.00047 EPSS
Exploits: 1, References: 3

Positive Technologies
• added 2026/01/05 12:0 a.m. • 2 views

PT-2026-1337

Name of the Vulnerable Software and Affected Versions: Anthropic's MCP TypeScript SDK versions up to and including 1.25.1. Description: The software contains a regular expression denial of service (ReDoS) issue within the UriTemplate class when handling RFC 6570 exploded array patterns. The dynamicall...

8.7 CVSS, 5.3 AI score, 0.00037 EPSS
Exploits: 1, References: 12

Positive Technologies
• added 2026/01/01 12:0 a.m. • 0 views

PT-2026-28675

Name of the Vulnerable Software and Affected Versions: path-to-regexp versions prior to 8.4.0. Description: A flawed regular expression is created when multiple sequential optional groups using curly brace syntax are present, such as abc:z. The resulting regular expression expands exponentially with...

7.5 CVSS, 5.9 AI score, 0.00019 EPSS
Exploits: 0, References: 10

GithubExploit
• added 2025/12/28 5:24 p.m. • 142 views

VIPSQLi

🔥 VIP SQLi Scanner - Professional Triage Tool REAL SQLi PEH...

8.1 AI score
Exploits: 0

Schneier on Security
• added 2025/12/26 10:8 p.m. • 2 views

Friday Squid Blogging: Squid Camouflage

New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...

7 AI score
Exploits: 0

Github Security Blog
• added 2025/12/19 12:31 a.m. • 4 views

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message...

6.5 CVSS, 6.9 AI score, 0.00031 EPSS
Exploits: 0, References: 6, Affected Software: 2

Hacker One
• added 2025/12/13 7:58 a.m. • 27 views

curl: Denial of Service (DoS) vulnerability in dedotdotify() URL path normalization

Summary: A Denial of Service (DoS) vulnerability exists in the dedotdotify() function in lib/urlapi.c that can cause excessive CPU consumption due to O(n²) time complexity when processing URLs with malicious path patterns containing many ../ sequences. Affected Component - Component: libcurl URL API -...

7.1 AI score
Exploits: 0

Packet Storm
• added 2025/12/09 12:0 a.m. • 144 views

📄 Cloudbleed Scanner

Cloudbleed Scanner is a comprehensive security tool designed to detect memory leak patterns similar to the 2017 Cloudbleed incident, where Cloudflare's reverse proxies leaked uninitialized memory containing sensitive data...

6.8 AI score
Exploits: 0

Packet Storm
• added 2025/12/09 12:0 a.m. • 135 views

📄 Cloudflare Memory Leak

A Python-based scanner imitates CloudBleed-style leakage detection by fetching raw HTTP response data from a target website, converting it to hexadecimal, and searching for sensitive memory patterns such as sessions, passwords, tokens, cookies, AWS keys, and stack traces. It does not exploit the...

6.8 AI score
Exploits: 0

Packet Storm News
• added 2025/12/04 12:0 a.m. • 4 views

A Novel Trust-Based DDoS Cyberattack Detection Model for Smart Business Environments

As the frequency and complexity of Distributed Denial-of-Service (DDoS) attacks continue to increase, the level of threats posed to Smart Internet of Things (SIoT) business environments have also increased. These environments generally have several interconnected SIoT systems and devices that are...

6.6 AI score
Exploits: 0

HackRead
• added 2025/12/03 3:26 p.m. • 3 views

Architecture Patterns That Enable Cycode alternatives at Scale

Guide to scale ready code security with event driven scans unified data and API first design for large teams seeking strong growth aligned control...

7.2 AI score
Exploits: 0

Packet Storm News
• added 2025/12/01 12:0 a.m. • 1 views

Beyond the Hype: A Large-Scale Empirical Analysis of On-Chain Transactions in NFT Scams

Non-fungible tokens (NFTs) serve as a representative form of digital asset ownership and have attracted numerous investors, creators, and tech enthusiasts in recent years. However, related fraud activities, especially phishing scams, have caused significant property losses. There are many graph...

6.8 AI score
Exploits: 0

OSV
• added 2025/11/28 10:12 a.m. • 4 views

CLSA-2025-1764324770 Fix CVE(s): CVE-2022-30688

SECURITY UPDATE: insecure regex patterns for interpreter detection - debian/patches/CVE-2022-30688.patch: prevent local privilege escalation by anchoring interpreter regex patterns - CVE-2022-30688...

7.8 CVSS, 7.1 AI score, 0.00051 EPSS
Exploits: 2, References: 1

Packet Storm News
• added 2025/11/25 12:0 a.m. • 2 views

Next-Generation MIMO Transceivers for Integrated Sensing and Communications: Unique Security Vulnerabilities and Solutions

Integrated sensing and communications (ISAC), which is recognized as a key enabler for sixth generation (6G), has brought new opportunities for intelligent, sustainable, and connected wireless networks. Multiple-input multiple-output (MIMO) transceiver technology lies at the core of this paradigm,...

6.7 AI score
Exploits: 0