11 matches found
Structured Extraction of Vulnerabilities in OpenVAS and Tenable WAS Reports Using LLMs
This paper proposes an automated LLM-based method to extract and structure vulnerabilities from OpenVAS and Tenable WAS scanner reports, converting unstructured data into a standardized format for risk management. In an evaluation using a report with 34 vulnerabilities, GPT-4.1 and DeepSeek...
EUVD-2020-28195
Malware in sbrugna...
EUVD-2022-52458
Malicious code in bioql PyPI...
EUVD-2023-0147
Malicious code in bioql PyPI...
FORGE: an LLM-Driven Framework for Large-Scale Smart Contract Vulnerability Dataset Construction
High-quality smart contract vulnerability datasets are critical for evaluating security tools and advancing smart contract security research. Two major limitations of current manual dataset construction are 1 labor-intensive and error-prone annotation processes limiting the scale, quality, and...
PT-2025-23610
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue concerns the behavior of TarFile when extracting with a filter and TarFile.errorlevel = 0. The documented behavior is that any filtered members should be skipped and not extracted...
CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...
Security update for ark (important)
openSUSE Security Update: Security update for ark Announcement ID: openSUSE-SU-2025:0090-1 Rating: important References: 1236737 Cross-References: CVE-2024-57966 CVSS scores: CVE-2024-57966 SUSE: 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE...
BIT-RUBY-MIN-2024-27282
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...
PT-2024-10268
Name of the Vulnerable Software and Affected Versions 7-Zip versions prior to 24.09 Description This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability, as the targ...
[Full-Disclosure] WinHKI - ARC File Extraction of 1KB to 1.56GB
Application: WinHKI Vendors: http://www.webtoolmaster.com Versions: 1.4d Platforms: Windows Bug: ARC File Extraction of 1KB to 1.56GB Exploitation: Local extract file Date: 24 Dec 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website: http://theinsider.deep-ice.com 1 Introducti...