11 matches found
mythos-preview
🜲 Mythos Preview Multi-agent vulnerability discovery harn...
LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with allowedobjects="all". This does not enable arbitrary Python object deserialization, but it does allow...
SOCpilot: Verifying Policy Compliance for LLM-Assisted Incident Response
Security operations centers SOCs are beginning to use large language models LLMs as copilots to draft incident-response plans. These plans may include actions that are valid per the catalog but still violate mandatory steps, required ordering, or approval gates before analyst review. SOCpilot mak...
POC---Aikido-Security-BV
POC---Aikido-Security-B...
A Survey of Web Application Security Tutorials
Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials come from vendors and emphasize high-level explanations ov...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: schedext: Fixed an issue where picktaskscx picks non-queued tasks when it is called without balance being performed first. a6250aa251ea “schedext”: Added a workaround for cases where picktaskscx is called without preceding...
SUSE CVE-2025-21897
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix picktaskscx picking non-queued tasks when it's called without balance a6250aa251ea "schedext: Handle cases where picktaskscx is called without preceding balancescx" added a workaround to handle the cases where...
UBUNTU-CVE-2025-21897
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix picktaskscx picking non-queued tasks when it's called without balance a6250aa251ea "schedext: Handle cases where picktaskscx is called without preceding balancescx" added a workaround to handle the cases where...
CVE-2021-47572 net: nexthop: fix null pointer dereference when IPv6 is not enabled
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled !CONFIGIPV6 we'll hit a NULL pointer dereference1 in the error path of nhcreateipv6 due to calling...
WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...
Web Services Penetration Testing: WS-Attacker
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...