
Unauthenticated Arbitrary File Read in Gazebo Sim WebsocketServer
We found an unauthenticated arbitrary file read in Gazebo Sim's WebsocketServer plugin where a single WebSocket frame reads any file on the server, including /etc/shadow and SSH keys.

We found an integer overflow in Bullet3's STL mesh loader where a crafted triangle count bypasses the sanity check, causing the parser to read 4 GB from an 88-byte heap buffer.

A new module in OWASP Nettacker to detect a critical vulnerability in Ivanti Connect Secure (ICS) (CVE-2023-46805) that can lead to authentication bypass, which is typically chained with a command injection vulnerability (CVE-2024-21887).

A new module in Google Tsunami Security Scanner to detect a critical vulnerability in Adobe ColdFusion (CVE-2023-26360) that can lead to unauthenticated file read and arbitrary code execution.