Needles at Scale: LLM-Assisted Target Selection for Windows Vulnerability Research
The attack surface of a modern operating system is a haystack: thousands of signed binaries and millions of functions, almost none relevant to any given vulnerability. A human analyst or an LLM agent must pick the function worth reading before analyzing it. At whole-OS scope, this target selectio...
PT-2026-42473
Name of the Vulnerable Software and Affected Versions: gdk-pixbuf-loader-libheif versions prior to 1.22.2-1.1. Description: An integer underflow leads to an out-of-bounds (OOB) memory access. This issue was discovered using AI-assisted fuzzing, a technique that uses artificial intelligence to...
SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0617-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0617-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: -...
Unbreakable Enterprise kernel security update
5.4.17-2136.344.4.3 - Add Zen34 clients Borislav Petkov AMD Orabug: 38129026 CVE-2024-36350 CVE-2024-36357 - x86/process: Move the buffer clearing before MONITOR Kim Phillips Orabug: 38129026 CVE-2024-36350 CVE-2024-36357 - KVM: SVM: Advertize TSA CPUID bits to guests Borislav Petkov AMD Orabug:...
Security update for xen
This update for xen fixes the following issues: Security fixes: CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection ITS XSA-469 bsc1243117 Other fixes: Upstream bug fixes bsc1027519 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: T...
SUSE-SU-2025:02030-1 Security update for xen
This update for xen fixes the following issues: Security fixes: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection ITS XSA-469 bsc1243117 Other fixes: - Upstream bug fixes bsc1027519...
Security update for xen
This update for xen fixes the following issues: CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection ITS XSA-469 bsc1243117 CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks XSA-466 bsc1234282 CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device...
Security update for xen
This update for xen fixes the following issues: CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection ITS XSA-469 bsc1243117 CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks XSA-466 bsc1234282 CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device...
Oracle Linux 9 : Unbreakable Enterprise kernel (ELSA-2025-20368)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20368 advisory. - selftest/x86/bugs: Add selftests for ITS Pawan Gupta Orabug: 37945459 CVE-2024-28956 - x86/its: Align RETs in BHB clear sequence to avoid thunking Pawan Gupt...
[SECURITY] [DSA 5924-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5924-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 23, 2025 https://www.debian.org/security/faq -...
Debian dsa-5924 : intel-microcode - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5924 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5924-1 [email protected] https://www.debian.org/securit...
Missing Linux Kernel mitigations for 'Indirect Target Selection (ITS)' hardware vulnerability (INTEL-SA-01153)
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
CVE-2024-28956
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
Oracle Linux 9 : Unbreakable Enterprise kernel (ELSA-2025-20318)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20318 advisory. - selftest/x86/bugs: Add selftests for ITS Pawan Gupta Orabug: 37863725 CVE-2024-28956 - x86/its: Align RETs in BHB clear sequence to avoid thunking Pawan Gupt...
x86: Indirect Target Selection
ISSUE DESCRIPTION Researchers at VU Amsterdam have released Training Solo, detailing several speculative attacks which bypass current protections. One issue, which Intel have named Indirect Target Selection, is a bug in the hardware support for prediction-domain isolation. The mitigation for this...
Unbreakable Enterprise kernel security update
5.15.0-308.179.6.2 - x86/bhi: Do not set BHIDISS in 32-bit mode Pawan Gupta Orabug: 37920681 - x86/bpf: Add IBHF call at end of classic BPF Daniel Sneddon Orabug: 37920681 - x86/bpf: Call branch history clearing sequence on exit Daniel Sneddon Orabug: 37920681 - selftest/x86/bugs: Add selftests f...
A Door Isn’t a Door When It’s Ajar - Part 1
A Door Isn’t a Door When It’s Ajar - Part 1 By Trellix · August 11, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Executive Summary Target Selection What is it? Reconnaissance & Standard Operations Recon Standard Operations Hardware Hacking Hardware Hacking Shopping Lis...
Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 2 Exploit Author: Ron Jost Hacker5preme Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ Tobias Neitzel Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4...
Nray - Distributed Port Scanner
Nray is a free, platform and architecture independent port and application layer scanner. Apart from regular targets (list of hosts/networks), it supports dynamic target selection, based on source like transparency logs...
Ubuntu 14.04/15.10 - User Namespace Overlayfs Xattr Setgid Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits Source: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ Introduction Problem description: Linux user namespace allows to mount file systems as normal user, including the overlayfs. As many of those...