Vulnerability Research

Protocol

  • CVE-2025-66624 (BACnet)
    Out-of-bounds vulnerability (CVSS 7.5)

Apache

  • CVE-2025-66524 (NiFi)
    Unsafe deserialization RCE (CVSS 7.5)
  • CVE-2025-67895 (Airflow)
    Edge3 Worker RPC RCE

Python Library

  • CVE-2025-67724 (Tornado)
    XSS via unescaped reason phrase (CVSS 6.1)
  • CVE-2025-67725 (Tornado)
    Event loop blocking DoS via HTTPHeaders.add (CVSS 7.5)
  • CVE-2025-67726 (Tornado)
    Quadratic DoS via multipart parameters (CVSS 7.5)
  • CVE-2025-69228 (aiohttp)
    Memory exhaustion DoS via Request.post() (CVSS 6.6)
  • CVE-2025-69229 (aiohttp)
    Blocking CPU DoS via chunked messages (CVSS 6.6)
  • CVE-2025-69230 (aiohttp)
    Cookie parser warning storm DoS (CVSS 6.5)

QEMU

  • CVE-2025-14876
    Denial of Service in virtio device emulation (CVSS 5.5)

Capstone

  • CVE-2025-68114 (Capstone Disassembler)
    Stack buffer overflow via vsnprintf (CVSS 4.8)
  • CVE-2025-67873 (Capstone Disassembler)
    Heap buffer overflow via skipdata callback (CVSS 4.8)

NASA

  • CVE-2026-21897 (CryptoLib)
    Out-of-bounds write in GVCID managed parameters (CVSS 7.3)
  • CVE-2026-21898 (CryptoLib)
    Out-of-bounds read in AOS frame parsing (CVSS 7.5)

Mobile Bug Bounty

  • Swiss Federal Railways (SBB) Mobile App
    Bug Bounty Reward: 800€