cert.pl
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-30.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-30 2026 | Vulnerabilities in KTM System e-BOK softwareCSRF | Writeup on CVE-2026-35095, CVE-2026-35096, CVE-2026-35097, and CVE-2026-35098 in KTM System e-BOK software. The report details session hijacking via client-controlled session identifiers (CVE-2026-35095), cross-site request forgery for email and password changes (CVE-2026-35096), weak password constraints (CVE-2026-35097), and unlimited login attempts enabling brute-force attacks (CVE-2026-35098). Patches were released in June 2026. |
| 2026-06-30 2026 | Vulnerabilities in Redeight CMS softwareSQLi | Analysis of Redeight CMS version 1.0 vulnerabilities, including CVE-2026-53690, an SQL injection via the userEmail parameter on the login endpoint, CVE-2026-53691, an unrestricted file upload leading to RCE through the FileAdd endpoint, and CVE-2026-53692, weak password storage using unsalted MD5. |
| 2026-06-09 2026 | Vulnerabilities in Logseq softwareRCE | Writeup on CVE-2026-9279 and related vulnerabilities in Logseq software. This analysis details how an IPC handler bypass via shell metacharacters in arguments to `child_process.spawn` allows arbitrary shell command execution. Additional vulnerabilities include improper path validation in preload scripts leading to file manipulation, stored XSS in `package.json`'s name field, and a sandbox escape flaw enabled by a disabled CSP, allowing arbitrary JavaScript execution in the host context. Version v0.10.15 was confirmed vulnerable. |
| 2026-05-22 2026 | Autonomous fuzzing process under LLM supervisionFuzzing | Library for autonomous fuzzing, codenamed fuzzlab, utilizes Large Language Models (LLMs) under strict procedural guidance to automate software security testing. This Python-based system analyzes code, generates test programs, classifies findings, and prepares reports. It has successfully identified vulnerabilities in ModSecurity and Oracle VirtualBox, demonstrating its capability to supervise fuzzing campaigns, adapt to anomalies, and improve test generation without constant human intervention, supporting various AI models through a standardized interface. |
| 2026-05-12 2026 | Vulnerabilities in PAC4J softwareCSRF | Writeup on CVE-2026-40458 and CVE-2026-40459 in PAC4J software, detailing Cross-Site Request Forgery (CSRF) vulnerabilities exploitable through deterministic `String.hashCode()` collisions and LDAP Injection flaws in ID-based search parameters. These vulnerabilities allowed unauthorized profile updates, password changes, and arbitrary directory operations. The issues were resolved in PAC4J versions 5.7.10 and 6.4.1. |