7376 matches found

Packet Storm News
added 2025/10/13 12:0 a.m., 1 views

PACEbench: A Framework for Evaluating Practical AI Cyber-Exploitation Capabilities

The increasing autonomy of Large Language Models (LLMs) necessitates a rigorous evaluation of their potential to aid in cyber offense. Existing benchmarks often lack real-world complexity and are thus unable to accurately assess LLMs' cybersecurity capabilities. To address this gap, we introduce...

6.7 AI score
Exploits: 0
GithubExploit
added 2025/10/12 9:37 p.m., 123 views

offensive-toolkit

Offensive Security Toolkit A comprehensive, modular Python fr...

8.1 AI score
Exploits: 0
GithubExploit
added 2025/10/12 7:6 a.m., 200 views

Exploit for Improper Authorization in Vercel Next.Js

CVEs — Exploits/CVE Identifiers Repository A collection of pr...

9.1 CVSS, 7.8 AI score, 0.92118 EPSS
Exploits: 55
Positive Technologies
added 2025/10/11 12:0 a.m., 6 views

PT-2025-46639

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-rc4-syzkaller-00098-g615dca38c2ea Description The Linux kernel contains an issue where smp processor id is used in preemptible code, leading to warnings reported by Syzbot. Specifically, the issue occurs...

5.5 CVSS, 7.2 AI score, 0.00007 EPSS
Exploits: 0
Github Security Blog
added 2025/10/10 11:46 p.m., 13 views

Happy DOM: VM Context Escape can lead to Remote Code Execution

Escape of VM Context gives access to process level functionality. Summary: Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...

7.2 CVSS, 7.5 AI score, 0.00581 EPSS
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2025/10/10 10:32 a.m., 0 views

SUSE-SU-2025:03524-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 (bsc#1244485). Security issues fixed: - CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches (bsc#1249141). Other issues fixed: - go#74822 cmd/go: 'ge...

5.4 CVSS, 7.1 AI score, 0.00017 EPSS
Exploits: 0, References: 4
Packet Storm News
added 2025/10/10 12:0 a.m., 4 views

Exploiting Web Search Tools of AI Agents for Data Exfiltration

Large language models (LLMs) are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation (RAG) allows LLMs to process and retrieve sensitive corporate data, amplifyi...

7.2 AI score
Exploits: 0
GithubExploit
added 2025/10/09 11:39 p.m., 154 views

POCs

Proof of Concepts This repository contains Proof of Concept...

7 AI score
Exploits: 0
SUSE CVE
added 2025/10/09 11:23 p.m., 2 views

SUSE CVE-2025-39956

In the Linux kernel, the following vulnerability has been resolved: igc: don't fail igc_probe() on LED setup error When igc_led_setup() fails, igc_probe() fails and triggers kernel panic in free_netdev() since unregister_netdev() is not called. [1] This behavior can be tested using fault-injection framework,...

6.1 CVSS, 6.4 AI score, 0.00013 EPSS
Exploits: 0, References: 7
EUVD
added 2025/10/09 12:30 p.m., 3 views

EUVD-2025-33327

In the Linux kernel, the following vulnerability has been resolved: igc: don't fail igc_probe() on LED setup error When igc_led_setup() fails, igc_probe() fails and triggers kernel panic in free_netdev() since unregister_netdev() is not called. [1] This behavior can be tested using fault-injection framework,...

5.8 AI score, 0.00013 EPSS
Exploits: 0, References: 4
OSV
added 2025/10/09 9:47 a.m., 3 views

CVE-2025-39956 igc: don't fail igc_probe() on LED setup error

In the Linux kernel, the following vulnerability has been resolved: igc: don't fail igc_probe() on LED setup error When igc_led_setup() fails, igc_probe() fails and triggers kernel panic in free_netdev() since unregister_netdev() is not called. [1] This behavior can be tested using fault-injection framework,...

5.5 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits: 0, References: 6
CVE
added 2025/10/09 9:47 a.m., 11 views

CVE-2025-39956

The CVE-2025-39956 entry concerns the Linux kernel igc driver: if igc_led_setup() fails during igc_probe(), the probe previously failed and could trigger a kernel panic in free_netdev() due to unregister_netdev() not being called. The published fixes treat LED setup failures as non-fatal,...

5.5 CVSS, 6 AI score, 0.00013 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2025/10/09 12:0 a.m., 3 views

PT-2025-41367

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc4-enjuk-tnguy-00865-gc4940196ab02 Description The Linux kernel contains an issue where a failure in the igc led setup function during the probe process can lead to a kernel panic. This occurs because the...

6.5 AI score, 0.00013 EPSS
Exploits: 0, References: 7
SUSE CVE
added 2025/10/08 11:30 p.m., 2 views

SUSE CVE-2023-53639

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: reduce WARN to dev_dbg() in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handled. Using WARN hinders automated testing. Reducing severity...

2.5 CVSS, 6.6 AI score, 0.00016 EPSS
Exploits: 0, References: 7
The Hacker News
added 2025/10/08 8:57 a.m., 11 views

No Time to Waste: Embedding AI to Cut Noise and Reduce Risk

Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and...

6.8 AI score
Exploits: 0
EUVD
added 2025/10/08 12:37 a.m., 2 views

EUVD-2025-32983

Malicious code in rails-dom-testing npm...

6.6 AI score
Exploits: 0, References: 1
Snyk
added 2025/10/08 12:37 a.m., 2 views

Malicious Package

Overview rails-dom-testing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/10/08 12:37 a.m., 3 views

Malicious code in rails-dom-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c71a0792e9dc0f14b43ce18d9e3c77d91946237916717b87a53222fb8fec287a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2025/10/08 12:37 a.m., 1 views

MAL-2025-48039 Malicious code in rails-dom-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c71a0792e9dc0f14b43ce18d9e3c77d91946237916717b87a53222fb8fec287a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath6kl: reduce WARN to dev_dbg() in callback The warn is triggered on a known race condition, documented in the code above the test, that is correctly handle...

5.5 CVSS, 6.2 AI score, 0.00016 EPSS
Exploits: 0, References: 3