2113 matches found
CVE-2019-13519
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...
AutoRAN: Weak-To-Strong Jailbreaking of Large Reasoning Models
This paper presents AutoRAN, the first automated, weak-to-strong jailbreak attack framework targeting large reasoning models (LRMs). At its core, AutoRAN leverages a weak, less-aligned reasoning model to simulate the target model's high-level reasoning structures, generates narrative prompts, and...
Unveiling the Black Box: a Multi-Layer Framework for Explaining Reinforcement Learning-Based Cyber Agents
Reinforcement Learning (RL) agents are increasingly used to simulate sophisticated cyberattacks, but their decision-making processes remain opaque, hindering trust, debugging, and defensive preparedness. In high-stakes cybersecurity contexts, explainability is essential for understanding how...
CVE-2025-32454
A vulnerability has been identified in Teamcenter Visualization V14.3 All versions V14.3.0.14, Teamcenter Visualization V2312 All versions V2312.0010, Teamcenter Visualization V2406 All versions V2406.0008, Teamcenter Visualization V2412 All versions V2412.0004, Tecnomatix Plant Simulation V2404...
SUSE CVE-2025-37814
In the Linux kernel, the following vulnerability has been resolved: tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT. This requirement was overeagerly loosened in commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), but as it turns out, (1) the logic I...
Offensive Security for AI Systems: Concepts, Practices, and Applications
As artificial intelligence (AI) systems become increasingly adopted across sectors, the need for robust, proactive security strategies is paramount. Traditional defensive measures often fall short against the unique and evolving threats facing AI-driven technologies, making offensive security an...
PT-2025-20343
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, requiring CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT. The previous patch had inconsistent logic, and TIOCL_SELMOUSEREPORT...
CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
CAMEL is an open-source community dedicated to finding the scaling laws of agents. We believe that studying these agents on a large scale offers valuable insights into their behaviors, capabilities, and potential risks. To facilitate research in this field, we implement and support various type...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena arises from reading data beyond the acceptable range in memory. This allows attackers to exploit the protected information and execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena relates to reading data beyond the allowable range in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information and execute arbitrary code, provided that the...
Exploit for CVE-2025-20029
Replayable Attack Simulation - CVE-2025-20029...
Exploit for Improper Authentication in Wpdeveloper Essential_Addons_For_Elementor
CVE-2023-32243 - Detection and Mitigation in WordPress...
CISA: Roadmap to Innovation in the Dams Sector
The Roadmap to Innovation in the Dams Sector outlines Research and Development Focus Areas for the next 3-5 years to enhance the security and resilience of the sector and ensure that dams and related infrastructure can withstand current and emerging risks. The R&D Focus Areas identified in this...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the ability to write code beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.
The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...
Apache Parquet 2.9.0 Remote Code Execution
Apache Parquet versions 2.9.0 and below educational simulation of CVE-2025-30065, a critical remote code execution vulnerability in Apache Parquet files. The tool demonstrates how attackers exploit this flaw to gain full system control, while providing mitigation guidance...
Exploit for Deserialization of Untrusted Data in Apache Parquet_Java
TRAI-001 CVE-2025-30065: Apache Parquet Remote Code Execution...
Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21434)
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...
Adversary-Augmented Simulation for Fairness Evaluation and Defense in Hyperledger Fabric
This paper presents an adversary model and a simulation framework specifically tailored for analyzing attacks on distributed systems composed of multiple distributed protocols, with a focus on assessing the security of blockchain networks. Our model classifies and constrains adversarial actions...
InjectLab: a Tactical Framework for Adversarial Threat Modeling against Large Language Models
Large Language Models (LLMs) are changing the way people interact with technology. Tools like ChatGPT and Claude AI are now common in business, research, and everyday life. But with that growth comes new risks, especially prompt-based attacks that exploit how these models process language. InjectLa...