Uncategorized Archives

Discovering Negative-Days with LLM Workflows | Spaceraccoon

May 26, 2026 by emma@emma-plan.org

Feb 7, 2026 Link: https://spaceraccoon.dev/discovering-negative-days-llm-workflows/ Time-to-Exploit is Negative By now, you’ve probably read Anthropic’s zero-days blogpost where an “out-of-the-box” Claude Opus 4.6 workflow was used to find 500 vulnerabilities in open-source projects. While I think this is a logical application of LLMs (see my keynote at the recent Association for the Advancement of Artificial Intelligence workshop on Artificial Intelligence … Read more

Negative-Days with Vulnerability Spoiler Alert: Three Months Later (LLM) | Spaceraccoon

May 26, 2026May 26, 2026 by emma@emma-plan.org

May 24, 2026 Link: https://spaceraccoon.dev/negative-days-vulnerability-spoiler-alert/ When I published Discovering Negative-Days with LLM Workflows three months ago, I got a lot of great feedback and interest. Since then, the waves have only gotten stronger in the vulnerability research world with plenty of critical disclosures in major open-source projects. Some of these were caught by my demo of Vulnerability … Read more

MiniPlasma: Windows privilege escalation zero-day affects fully patched systems | ThreatLocker

May 22, 2026 by emma@emma-plan.org

Andrea Pomaranski, Special Projects IT Engineer May 19, 2026 Link: https://www.threatlocker.com/blog/miniplasma-windows-privilege-escalation-zero-day-affects-fully-patched-systems MiniPlasma zero-day: What it is, how it works, and how to protect your environment A Windows vulnerability from 2020 is back, and it works on fully patched systems. MiniPlasma is the latest in a series of Windows zero-day exploits publicly released by a security … Read more

Road to Exim RCE – Abusing Unsafe Memory Allocator in the Most Popular MTA (CVE-2017-16943, CVE-2017-16944) | DEVCORE

May 22, 2026May 21, 2026 by emma@emma-plan.org

Meh, 2017-12-11 Link: https://devco.re/blog/2017/12/11/Exim-RCE-advisory-CVE-2017-16943-en/ On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE); and CVE-2017-16944 for a Denial-of-Service (DoS) vulnerability. About Exim Exim is a … Read more

Scraps of Notes on Exploiting Exim Vulnerabilities (CVE-2018-6789, CVE-2019-15846) | Synacktiv

May 22, 2026May 21, 2026 by emma@emma-plan.org

Written by Mehdi Talbi, Paul Fariello – 08/10/2019 Link: https://www.synacktiv.com/en/publications/scraps-of-notes-on-exploiting-exim-vulnerabilities In this post we have seen the fundamentals of Exim that are required to successfully exploit a heap overflow. Then, we have shown how we could use them for two different vulnerabilities. Moreover, the techniques used to exploit CVE-2018-6789 may apply to exploit the freshly disclosed heap-based overflow … Read more

From theory to practice: analysis and PoC development for CVE-2020-28018 (Use-After-Free in Exim) | Adepts of 0xCC

May 22, 2026May 21, 2026 by emma@emma-plan.org

May 14, 2021 Adepts of 0xCC Link: https://adepts.of0x.cc/exim-cve-2020-28018/ Introduction Qualys recently released an advisory named “21Nails” with 21 vulnerabilities discovered in Exim, some leading to LPE and RCE. This post will analyze one of those vulnerabilities with CVE ID: CVE-2020-28018. The vulnerability is a Use-After-Free (UAF) vulnerability on tls-openssl.c, that leads to Remote Code Execution. This vulnerability … Read more

Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing | DEVCORE

May 20, 2026 by emma@emma-plan.org

Meh, 2018-03-06 Link: https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ Overview We reported an overflow vulnerability in the base64 decode function of Exim on 5 February, 2018, identified as CVE-2018-6789. This bug exists since the first commit of exim, hence ALL versions are affected. According to our research, it can be leveraged to gain Pre-auth Remote Code Execution and at least 400k servers are at risk. Patched version … Read more

Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim

May 20, 2026 by emma@emma-plan.org

May 12, 2026 Federico Kirschbaum, Andres Luksenberg Link: XBOW – Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim Dear reader, What follows is, before anything else, a story. One of those old, well-worn ones. A story of encounters and misencounters, of broken hearts and quiet betrayals, of loves once thought to be forever … Read more

21Nails: Multiple vulnerabilities in Exim | Qualys Security Advisory

May 20, 2026 by emma@emma-plan.org

2021/05/04 Link: qualys.com/2021/05/04/21nails/21nails.txt SummaryWe recently audited central parts of the Exim mail server(https://en.wikipedia.org/wiki/Exim) and discovered 21 vulnerabilities(from CVE-2020-28007 to CVE-2020-28026, plus CVE-2021-27216): 11 localvulnerabilities, and 10 remote vulnerabilities. Unless otherwise noted,all versions of Exim are affected since at least the beginning of itsGit history, in 2004.We have not tried to exploit all of these vulnerabilities, … Read more

iOS Deep Link attacks Part 2 – Exploitation | 8kSec Blogs

May 18, 2026 by emma@emma-plan.org

By 8kSec Research Team, June 5, 2023 Link: https://8ksec.io/ios-deep-link-attacks-part-2-exploitation-8ksec-blogs/