CVE-2025-58143 Mutiple vulnerabilities in the Viridian interface

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...

A Cyber-Twin Based Honeypot for Gathering Threat Intelligence

Critical Infrastructure CI is prone to cyberattacks. Several techniques have been developed to protect CI against such attacks. In this work, we describe a honeypot based on a cyber twin for a water treatment plant. The honeypot is intended to serve as a realistic replica of a water treatment pla...

Efficient QKD in Non-Ideal Scenarios with User-Defined Output Length Requirements

Quantum Key Distribution QKD enables two parties to securely share encryption keys by leveraging the principles of quantum mechanics, offering protection against eavesdropping. In practical implementations, QKD systems often rely on a layered architecture where a key manager stores secret key...

PUB-A-394583415

In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Integrated Simulation Framework for Adversarial Attacks on Autonomous Vehicles

Autonomous vehicles AVs rely on complex perception and communication systems, making them vulnerable to adversarial attacks that can compromise safety. While simulation offers a scalable and safe environment for robustness testing, existing frameworks typically lack comprehensive supportfor...

Microarchitecture Design and Benchmarking of Custom SHA-3 Instruction for RISC-V

Integrating cryptographic accelerators into modern CPU architectures presents unique microarchitectural challenges, particularly when extending instruction sets with complex and multistage operations. Hardware-assisted cryptographic instructions, such as Intel's AES-NI and ARM's custom instructio...

A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures

The Denial of Wallet DoW attack poses a unique and growing threat to serverless architectures that rely on Function-as-a-Service FaaS models, exploiting the cost structure of pay-as-you-go billing to financially burden application owners. Unlike traditional Denial of Service DoS attacks, which ai...

Exploit for Improper Input Validation in Tvt Td-2108Ts-Cl_Firmware

CVE-2025-34036 - TVT DVR Simulation This repository contains...

CVE-2025-38512 wifi: prevent A-MSDU attacks in mesh networks

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

Searching for Privacy Risks in LLM Agents Via Simulation

The widespread deployment of LLM-based agents is likely to introduce a critical privacy threat: malicious agents that proactively engage others in multi-turn interactions to extract sensitive information. These dynamic dialogues enable adaptive attack strategies that can cause severe privacy...

Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Chimera: Harnessing Multi-Agent LLMs for Automatic Insider Threat Simulation

Insider threats, which can lead to severe losses, remain a major security concern. While machine learning-based insider threat detection ITD methods have shown promising results, their progress is hindered by the scarcity of high-quality data. Enterprise data is sensitive and rarely accessible,...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 Python tool for safe archive handling, path trav...

Linux Distros Unpatched Vulnerability : CVE-2023-52995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: Fix instruction simulation of JALR Set kprobe at 'jalr 1140ra' of vfswrite...

Linux Distros Unpatched Vulnerability : CVE-2021-47554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vdpasim: avoid putting an uninitialized iovadomain The system will crash if we put an...

Simulation in Cybersecurity: Understanding Techniques, Applications, and Goals

Modeling and simulation are widely used in cybersecurity research to assess cyber threats, evaluate defense mechanisms, and analyze vulnerabilities. However, the diversity of application areas, the variety of cyberattacks scenarios, and the differing objectives of these simulations makes it...

CVE-2025-7033

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...

CVE-2025-7025

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...

CVE-2025-7032

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose...