Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 2:20 p.m.11 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

8.8CVSS6.4AI score0.00358EPSS
Exploits0References5Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.88 views

CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation

Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/03 11:5 p.m.15 views

OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode

Summary When tools.exec.safeBins contained a binary without an explicit safe-bin profile, OpenClaw used a permissive generic fallback profile. In allowlist mode, that could let interpreter-style binaries for example python3, node, ruby execute inline payloads via flags like -c. This requires...

6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/03 11:5 p.m.3 views

GHSA-8MF7-VV8W-HJR2 OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode

Summary When tools.exec.safeBins contained a binary without an explicit safe-bin profile, OpenClaw used a permissive generic fallback profile. In allowlist mode, that could let interpreter-style binaries for example python3, node, ruby execute inline payloads via flags like -c. This requires...

2.3CVSS6AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/11/23 12:0 a.m.31 views

LLMs As Firmware Experts: A Runtime-Grown Tree-Of-Agents Framework

Large Language Models LLMs and their agent systems have recently demonstrated strong potential in automating code reasoning and vulnerability detection. However, when applied to large-scale firmware, their performance degrades due to the binary nature of firmware, complex dependency structures, a...

7.1AI score
Exploits0
Rows per page
Query Builder