
14 matches found

EUVD
added 2026/03/25 6:31 p.m. · 1 view

EUVD-2026-15693

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS. This issue affects Vayvo: from n/a through 6.8...

7.1 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/03/25 12:0 a.m. · 0 views

PT-2026-27926

Name of the Vulnerable Software and Affected Versions: ProgressionStudios Vayvo versions prior to 6.8 Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to...

7.1 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 3
Packet Storm News
added 2026/03/08 12:0 a.m. · 2 views

Learning the APT Kill Chain: Temporal Reasoning over Provenance Data for Attack Stage Estimation

Advanced Persistent Threats (APTs) evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a temporal graph learning framework for multi-stage attack...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/02/20 12:0 a.m. · 2 views

Can AI Lower the Barrier to Cybersecurity? A Human-Centered Mixed-Methods Study of Novice CTF Learning

Capture-the-Flag (CTF) competitions serve as gateways into offensive cybersecurity, yet they often present steep barriers for novices due to complex toolchains and opaque workflows. Recently, agentic AI frameworks for cybersecurity promise to lower these barriers by automating and coordinating...

6.1 AI score
Exploits 0
Packet Storm News
added 2026/02/18 12:0 a.m. · 2 views

Regular Expression Denial of Service (ReDoS) Detector

This Metasploit auxiliary module implements a scientific approach to detecting and validating ReDoS vulnerabilities in HTTP-based applications. It leverages context-aware payload generation, length progression testing, and statistical analysis to identify inefficient regular expressions that may...

5.5 AI score
Exploits 0
GithubExploit
added 2026/01/07 4:33 a.m. · 136 views

binary-exploitation-labs

Binary Exploitation Labs This repository is my long-term pu...

7.7 AI score
Exploits 0
OSV
added 2025/12/16 2:15 p.m. · 1 view

AZL-78401 CVE-2025-68223 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: delete radeon_fence_process in is_signaled, no deadlock. Delete the attempt to progress the queue when checking if fence is signaled. This avoids deadlock. dma-fence_ops::signaled can be called with the fence lock in unkno...

5.5 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 1
Cvelist
added 2025/12/16 1:57 p.m. · 24 views

CVE-2025-68223 drm/radeon: delete radeon_fence_process in is_signaled, no deadlock

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: delete radeon_fence_process in is_signaled, no deadlock. Delete the attempt to progress the queue when checking if fence is signaled. This avoids deadlock. dma-fence_ops::signaled can be called with the fence lock in unkno...

0.00018 EPSS
Exploits 0 · References 5
Github Security Blog
added 2024/12/02 5:15 p.m. · 14 views

veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability

Impact: Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: We are currently working on a patch that will be released when ready. Workarounds: This doesn't affect the standa...

2.3 CVSS · 8 AI score · 0.12493 EPSS
Exploits 0 · References 4 · Affected Software 9
Patchstack
added 2023/07/18 12:0 a.m. · 9 views

WordPress Guild Raid Progression for WoW and Raider IO Plugin < 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: Guild Raid Progression for WoW and Raider IO · Type: Plugin · Vulnerable versions: 1.0.3 · Fixed in: 1.0.3 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-33999 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownership · PSID: 44f4e0b3ae81 · Credits: Rafie...

6.9 AI score
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/04/09 12:0 a.m. · 3 views

PT-2023-8721 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel has a vulnerability related to the handling of non-PAGE_SIZE-end multi-iovec user SDMA requests in the hfi1 driver. This vulnerability can cause data corruption for us...

7.8 CVSS · 7.2 AI score · 0.01004 EPSS
Exploits 20 · References 1902
Trend Micro Simply Security
added 2019/09/20 2:40 p.m. · 34 views

Why Should CISOs Care About XDR?

We have been collectively saying in our industry for the last 15-20 years that a layered approach to your security stack is a “best practice,” but as with all best practices, these are ideals rather than reality for so many charged with protecting their organizations. The vast majority of CISOs a...

0.1 AI score
Exploits 0
Kitploit
added 2013/10/02 10:52 p.m. · 21 views

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). jSQL Injection change log - version 0.5: 0.5 SQL shell, Uploader; 0.4 Admin page checker and preview, Brute forcer md5...

8.2 AI score
Exploits 0
Kitploit
added 2013/05/23 8:55 p.m. · 13 views

[jSQL Injection v0.4] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). Version 0.4 features: GET, POST, header, cookie methods; Normal, error based, blind, time based algorithms; Automatic...

7.6 AI score
Exploits 0