Exploit for Code Injection in Xwiki

CVE-2025-24893 PoC | XWiki Platform 15.10.10 - Remote Code...

ASTRA: Autonomous Spatial-Temporal Red-Teaming for AI Software Assistants

AI coding assistants like GitHub Copilot are rapidly transforming software development, but their safety remains deeply uncertain-especially in high-stakes domains like cybersecurity. Current red-teaming tools often rely on fixed benchmarks or unrealistic prompts, missing many real-world...

Git Multiple Vulnerabilities (Aug 2025) - Windows

Git is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:git:git"; ifdescription...

Exploit for Command Injection in Fit2Cloud 1Panel

CVE-2025-54424 CVE-2025-54424: 1Panel client vulnerability in...

Exploit for Code Injection in Xwiki

CVE-2025-24893 Remote Code Execution exploit for XWikihttp...

Exploit for Code Injection in Xwiki

CVE-2025-24893 - XWiki Remote Code Execution RCE An updated...

Exploit for Relative Path Traversal in Articatech Artica_Proxy

LFI to RCE Exploit via Log Poisoning Python3 exploit for CVE...

Think Broad, Act Narrow: CWE Identification with Multi-Agent Large Language Models

Machine learning and Large language models LLMs for vulnerability detection has received significant attention in recent years. Unfortunately, state-of-the-art techniques show that LLMs are unsuccessful in even distinguishing the vulnerable function from its benign counterpart, due to three main...

SHoM: a Mental-Synthesis Trust Management Model for Mitigating Botnet-Driven DDoS Attacks in the Internet of Things

The advantages of IoT in strengthening commercial, industrial, and social ecosystems have led to its widespread expansion. Nevertheless, because endpoint devices have limited computation, storage, and communication capabilities, the IoT infrastructure is vulnerable to several cyber threats. As a...

How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities under Arbitrary Challenge Distributions

A quantum copy-protection scheme Aaronson, CCC 2009 encodes a functionality into a quantum state such that given this state, no efficient adversary can create two possibly entangled quantum states that are both capable of running the functionality. There has been a recent line of works on...

Assessment of Quantitative Cyber-Physical Reliability of SCADA Systems in Autonomous Vehicle to Grid (V2G) Capable Smart Grids

The integration of electric vehicles EVs into power grids via Vehicle-to-Grid V2G system technology is increasing day by day, but these phenomena present both advantages and disadvantages. V2G can increase grid reliability by providing distributed energy storage and ancillary services. However, o...

Exploit for Type Confusion in Microsoft

🚨 CVE-2025-30397 – Critical JScript RCE Vulnerability Exploi...

Exploit for CVE-2025-2598

CVE-2023-2598 what's iouring? ​ iouring is a system c...

Revisiting Pre-Trained Language Models for Vulnerability Detection

The rapid advancement of pre-trained language models PLMs has demonstrated promising results for various code-related tasks. However, their effectiveness in detecting real-world vulnerabilities remains a critical challenge. % for the security community. While existing empirical studies evaluate...

Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024150 fixes several issues. The following security issues were fixed: CVE-2022-49465: blk-throttle: Set BIOTHROTTLED when bio has been throttled bsc1238920. CVE-2025-21772: partitions: mac: fix handling of bogus partition table bsc1238912...

Dippyis Insecure Direct Object Reference / Brute Force

Dippyis a popular website to chat with millions of proactive AI characters. The Dippy chat suffers from an insecure direct object reference vulnerability. Conversation histories for all users are stored on the server. However, Dippy's server does not distinguish the ownership or sharing status of...

Windows AArch64 Command Execution

Executes an arbitrary command on a Windows on ARM AArch64 target. This payload is a foundational example of position-independent shellcode for the AArch64 architecture. It dynamically resolves the address of the WinExec function from kernel32.dll by parsing the Process Environment Block PEB and t...

An Architecture for Privacy-Preserving Telemetry Scheme

Whitepaper called An Architecture For Privacy-Preserving Telemetry Scheme...

nuclei-templates-2025hw

Nuclei Templates for HW 2025 Repository Overview This rep...

Enabling Security on the Edge: a CHERI Compartmentalized Network Stack

The widespread deployment of embedded systems in critical infrastructures, interconnected edge devices like autonomous drones, and smart industrial systems requires robust security measures. Compromised systems increase the risks of operational failures, data breaches, and -- in safety-critical...