How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102, an ExifToo...

strix-advanced

⚡ Strix-Advanced AI-Powered Security Testing Platform An...

Demystifying and Detecting Agentic Workflow Injection Vulnerabilities in GitHub Actions

GitHub Actions is increasingly used to deploy LLM-based agents for repository-centric tasks such as issue triage, pull-request review, code modification, and release assistance. These agentic workflows extend traditional CI/CD automation with agentic capabilities but also create a new injection...

DrvEye

drivertool A static-analysis & exploitation-triage toolkit...

vlnr

vlnr: Autonomous Vulnerability Discovery Pipeline !Python 3...

OPENSUSE-SU-2026:20579-1 Security update for gosec

This update for gosec fixes the following issues: Changes in gosec: - Update to version 2.25.0: choredeps: bump google.golang.org/grpc from 1.75.0 to 1.79.3 1617 fix: allow barry action to access secrets on fork PRs 1616 fix: reduce G117 false positives for custom marshalers and transformed value...

Aether Smart Contract Security Analysis Framework 5.0.2

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

Aether Smart Contract Security Analysis Framework 6.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

Exploit for Path Traversal in Publiccms

amihit Am I Hit? -- CVE Impact Analyzer !Gohttps://i...

SentinelX

SentinelX SentinelX — статический анализатор безопасности...

Exploit for Off-by-one Error in Sudo_Project Sudo

ExploitForge - AI-Powered Automatic Exploit Generation !Pyt...

One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts

Smart contracts have significantly advanced blockchain technology, and digital signatures are crucial for reliable verification of contract authority. Through signature verification, smart contracts can ensure that signers possess the required permissions, thus enhancing security and scalability...

PinTools

This repository is an example and proof-of-concept PoC for dynamic binary analysis using the Pin tool. The code is designed to detect the classical use-after-free vulnerability. The Pin tool is a dynamic binary instrumentation framework that allows developers to analyze and modify the behavior of...

TraceLens: Question-Driven Debugging for Taint Flow Understanding

Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...

Ioctlance - A Tool That Is Used To Hunt Vulnerabilities In X64 WDM Drivers

Description Presented at CODE BLUE 2023, this project titled Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver Model WDM drivers. In a comprehensi...

Argus - A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

This repo contains the code for our USENIX Security '23 paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". Argus is a comprehensive security analysis tool specifically designed for GitHub Actions. Built with an aim to enhance the security of CI/CD...

Exploit for Out-of-bounds Write in Hutool

json.org CVE-2022-45688 false positive The project contains...

Exploit for Out-of-bounds Write in Hutool

json.org CVE-2022-45688 false positive The project contains...

Caracal - Static Analyzer For Starknet Smart Contracts

Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to run in Scarb projects Installation Precompiled binaries Precompiled...

Heap_Detective - The Simple Way To Detect Heap Memory Pitfalls In C++ And C

This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information. The second phase has a differe...