826 matches found
Mopri - an Analysis Framework for Unveiling Privacy Violations in Mobile Apps
Everyday services of society increasingly rely on mobile applications, resulting in a conflicting situation between the possibility of participation on the one side and user privacy and digital freedom on the other. In order to protect users' rights to informational self-determination, regulatory...
I Can't Believe It's Not a Valid Exploit
Recently Large Language Models LLMs have been used in security vulnerability detection tasks including generating proof-of-concept PoC exploits. A PoC exploit is a program used to demonstrate how a vulnerability can be exploited. Several approaches suggest that supporting LLMs with additional...
Toxic_Flow_Analysis_Framework_For_Agentic_AI
Toxic Flow Analysis TFA Framework A Secure-by-Design framew...
SUSE CVE-2026-23026
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpiperipheralconfig Fix a memory leak in gpiperipheralconfig where the original memory pointed to by gchan-config could be lost if krealloc fails. The issue occurs when: 1. gchan-config...
Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering
Static Application Security Testing SAST tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives FPs, imposing a substantial manual triage burden on developers. Recent advances in Large Language Model LLM agents offer a promising...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fixed a race condition caused by TOCTOU in raininterrupt In the interrupt handler raininterrupt, the check for buffer fullness on rain-buflen is performed before acquiring rain-buflock. This creates a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: fix usbmisc handling usbmisc is an optional device property; therefore, it is completely valid for the corresponding data-usbmiscdata to have a NULL value. This check was performed before dereferencing t...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Fixed the VP8 stateless decoder’s “smatch” warning. A “smatch” static checker warning was fixed in vdecvp8reqif.c. This issue causes the kernel to crash when fb is NULL...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: A NULL pointer check was added in astvhubinitdev. The variable d-name, returned by devmkasprintf, could potentially be NULL. A pointer check was added to prevent potential NULL pointer dereferencing. This is...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mfd: ene-kb3930: Fixed a potential NULL pointer dereferencing issue. The “offgpios” variable could potentially be NULL. A missing check was added in the “kb3930probe” function. This is similar to the issue fixed in commit...
Cross-site Scripting (XSS)
Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...
AgenticSCR: An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection
Secure code review is critical at the pre-commit stage, where vulnerabilities must be caught early under tight latency and limited-context constraints. Existing SAST-based checks are noisy and often miss immature, context-dependent vulnerabilities, while standalone Large Language Models LLMs are...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37755)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37755 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: libwx: handle pagepooldevallocpages...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21736)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21736 advisory. - In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix possible int overflows in...
Detection Bypass
fickling is vulnerable to detection bypass. The vulnerability is due to improper handling and analysis of Python builtins during pickle decompilation, which allows an attacker to bypass detection mechanisms and evade static analysis of malicious pickle payloads...
An Empirical Study on Remote Code Execution in Machine Learning Model Hosting Ecosystems
Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the flexibility of these ecosystems introduces a critical security...
Static Detection of Core Structures in Tigress Virtualization-Based Obfuscation Using an LLVM Pass
Malware often uses obfuscation to hinder security analysis. Among these techniques, virtualization-based obfuscation is particularly strong because it protects programs by translating original instructions into attacker-defined virtual machine VM bytecode, producing long and complex code that is...
Enhancing Fuzz Testing Efficiency through Automated Fuzz Target Generation
Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise critical sections of the client code. Various studies have...
Multi-Agent Taint Specification Extraction for Vulnerability Detection
Static Application Security Testing SAST tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis for JavaScript poses two major challenges. First,...
CVE-2025-68820
In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4rawinode If ext4getinodeloc fails e.g. if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattrinodedecrefall lacks error checking, this will lead to a null pointer...