#Sec_code_review
"FuncVul: An Effective Function Level Vulnerability Detection Model using LLM and Code Chunk", 2025.
]-> Repo: https://github.com/sajalhalder/FuncVul
#exploit
#Kernel_Security
1. CVE-2025-22056:
The tragedy of Netfilter Tunnel
2. CVE-2023-52922:
UaF in CAN BCM subsystem leading to information disclosure
3. CVE-2025-22037:
Remote NULL Deref in Linux KSMBD
4. CVE-2024-56626/CVE-2024-56627:
Linux Kernel OOB Write in ksmbd_vfs_stream_write/ksmbd_vfs_stream_read
5. CVE-2025-37752:
Two Bytes Of Madness (Pwning Linux Kernel With A 0x0000 Written 262636 Bytes OOB)
6. Exploring Kernel Address Leakage via WARN()
#AppSec
#Cloud_Security
1. Attacking JWT using X.509 Certificates
https://trustedsec.com/blog/attacking-jwt-using-x509-certificates
2. Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole (CVE-2025-49091)
https://proofnet.de/publikationen/konsole_rce.html
3. A vulnerability in Real User Monitoring feature of Adobe Experience Manager (AEM) allowed for persistent XSS attacks on AEM cloud sites
https://slcyber.io/assetnote-security-research-center/how-we-got-persistent-xss-on-every-aem-cloud-site-thrice
#WLAN_Security
"Stealtooth: Breaking Bluetooth Security Abusing Silent Automatic Pairing", 2025.
]-> BLESA Spoofing Attacks
// Stealtooth - new attack that abuses unknown vulnerabilities in the automatic pairing functions in commercial Bluetooth devices to achieve completely silent device link key overwriting