
cert.pl

5 curated AppSec resources from cert.pl across 4 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-30.

| Date Added | Year | Resource | Topic | Excerpt |
| --- | --- | --- | --- | --- |
| 2026-06-30 | 2026 | Vulnerabilities in KTM System e-BOK software | CSRF | Vulnerabilities in KTM System e-BOK software https://ift.tt/pdqUmlj |
| 2026-06-30 | 2026 | Vulnerabilities in Redeight CMS software | SQLi | This content announces vulnerabilities discovered in Redeight CMS software. The provided link leads to more details about these security flaws. The summary does not mention a specific bug bounty payout amount. |
| 2026-06-09 | 2026 | Vulnerabilities in Logseq software | RCE | Writeup on CVE-2026-9279 and related vulnerabilities in Logseq software. This analysis details how an IPC handler bypass via shell metacharacters in arguments to `child_process.spawn` allows arbitrary shell command execution. Additional vulnerabilities include improper path validation in preload scripts leading to file manipulation, stored XSS in `package.json`'s name field, and a sandbox escape flaw enabled by a disabled CSP, allowing arbitrary JavaScript execution in the host context. Version v0.10.15 was confirmed vulnerable. |
| 2026-05-22 | 2026 | Autonomous fuzzing process under LLM supervision | Fuzzing | Library for autonomous fuzzing, codenamed fuzzlab, utilizes Large Language Models (LLMs) under strict procedural guidance to automate software security testing. This Python-based system analyzes code, generates test programs, classifies findings, and prepares reports. It has successfully identified vulnerabilities in ModSecurity and Oracle VirtualBox, demonstrating its capability to supervise fuzzing campaigns, adapt to anomalies, and improve test generation without constant human intervention, supporting various AI models through a standardized interface. |
| 2026-05-12 | 2026 | Vulnerabilities in PAC4J software | CSRF | Writeup on CVE-2026-40458 and CVE-2026-40459 in PAC4J software, detailing Cross-Site Request Forgery (CSRF) vulnerabilities exploitable through deterministic `String.hashCode()` collisions and LDAP Injection flaws in ID-based search parameters. These vulnerabilities allowed unauthorized profile updates, password changes, and arbitrary directory operations. The issues were resolved in PAC4J versions 5.7.10 and 6.4.1. |