97 matches found

GithubExploit
added 2026/05/14 7:17 a.m., 57 views

Exploit for CVE-2026-46300

⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...

5.7 AI score, 0.00254 EPSS
Exploits: 8
Github Security Blog
added 2026/04/14 6:17 p.m., 1 view

Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game

I was scrolling through my feed one evening when I came across OpenClaw, an open source personal AI assistant that people were calling everything from "Jarvis" to "a portal to a new reality." The idea is beautiful: an AI that lives on your machine or in the cloud, talks to you over WhatsApp or...

8.8 CVSS, 7.3 AI score, 0.00121 EPSS
Exploits: 5
Packet Storm News
added 2026/03/24 12:0 a.m., 1 view

Leveraging Large Language Models for Trustworthiness Assessment of Web Applications

The widespread adoption of web applications has made their security a critical concern and has increased the need for systematic ways to assess whether they can be considered trustworthy. However, "trust" assessment remains an open problem as existing techniques primarily focus on detecting known...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/03/11 12:0 a.m., 0 views

Security-By-Design for LLM-Based Code Generation: Leveraging Internal Representations for Concept-Driven Steering Mechanisms

Large Language Models (LLMs) show remarkable capabilities in understanding natural language and generating complex code. However, as practitioners adopt CodeLLMs for increasingly critical development tasks, research reveals that these models frequently generate functionally correct yet insecure cod...

5.9 AI score
Exploits: 0
GithubExploit
added 2026/02/03 4:46 p.m., 135 views

openclaw-security-quiz

🔒 Security & Best Practices Quiz A mobile-friendly quiz app w...

5.7 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0492

Malware in sbrugna...

9.8 CVSS, 6.8 AI score, 0.0696 EPSS
Exploits: 0, References: 45
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-14828

Malware in sbrugna...

5.9 CVSS, 7.4 AI score, 0.00297 EPSS
Exploits: 0, References: 20
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-12315

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.00379 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-34217

Malicious code in bioql PyPI...

6.4 CVSS, 8.7 AI score, 0.00234 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-3845

Malicious code in bioql PyPI...

5.4 CVSS, 8.9 AI score, 0.00093 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-18489

Malicious code in bioql PyPI...

6.4 CVSS, 6.4 AI score, 0.00196 EPSS
Exploits: 0, References: 9
Gitee
added 2025/09/14 6:34 p.m., 64 views

SQLInjectionWiki

This is a SQL injection wiki repository. It is a collection of resources and information on SQL injection techniques, including detection, exploitation, and mitigation. The repository is maintained by NetSPI and is available in both English and Chinese versions. The wiki covers various topics...

8.1 AI score
Exploits: 0
The Hacker News
added 2025/08/07 3:33 p.m., 8 views

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn't write. But in 2025, that trust comes with a serious risk. Every few weeks, we're seeing fresh headlines about malicious...

7.3 AI score
Exploits: 0
Packet Storm News
added 2025/07/29 12:0 a.m., 1 view

Secure Coding for Web Applications: Frameworks, Challenges, and the Role of LLMs

Secure coding is a critical yet often overlooked practice in software development. Despite extensive awareness efforts, real-world adoption remains inconsistent due to organizational, educational, and technical barriers. This paper provides a comprehensive review of secure coding practices across...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/06/08 12:0 a.m., 2 views

SCGAgent: Recreating the Benefits of Reasoning Models for Secure Code Generation with Agentic Workflows

Large language models (LLMs) have seen widespread success in code generation tasks for different scenarios, both everyday and professional. However, current LLMs, despite producing functional code, do not prioritize security and may generate code with exploitable vulnerabilities. In this work, we...

7.3 AI score
Exploits: 0
Vulnrichment
added 2025/06/06 6:49 p.m., 6 views

CVE-2025-5481 Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target...

7.8 CVSS, 8.2 AI score, 0.00128 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/05/27 12:0 a.m., 52 views

ABB M2M Gateway Arbitrary Code Execution in embedded Git (CVE-2023-25652)

Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...

7.5 CVSS, 6.6 AI score, 0.03559 EPSS
Exploits: 0, References: 13
RedhatCVE
added 2025/05/22 4:26 a.m., 5 views

CVE-2019-13066

Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...

6.1 CVSS, 6.8 AI score, 0.00288 EPSS
Exploits: 2, References: 1
OSV
added 2025/05/10 3:30 p.m., 6 views

GHSA-7C85-87CP-MR6G LlamaIndex Vulnerable to Denial of Service (DoS)

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, affecting version latest (v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the maxdepth...

7.5 CVSS, 6.6 AI score, 0.00162 EPSS
Exploits: 1, References: 4
Packet Storm News
added 2025/05/07 12:0 a.m., 2 views

Guardians of the Web: the Evolution and Future of Website Information Security

Website information security has become a critical concern in the digital age. This article explores the evolution of website information security, examining its historical development, current practices, and future directions. The early beginnings from the 1960s to the 1980s laid the groundwork...

6.8 AI score
Exploits: 0