11 vulnerabilities responsibly disclosed by our research team. Real findings, real impact.
11
CVEs
5
Products
11
Via Daylight Engine
CWE-420 — ControlMaster ask mux-proxy confirmation bypass (fixed in OpenSSH 10.3p1)
Sole discovery
GP cert auto-enrollment plain-HTTP root-CA injection (all Samba >= 4.16)
Additional reporter (w/ DREAM Team)
Integer-overflow range-check bypass leads to OOB read in HEIF decoder (ships in KDE/Qt/ImageMagick)
Sole reporter
Unauthenticated Spotlight-RPC heap OOB read via unbounded element count in sl_unpack_ints
Sole reporter
Unauthenticated Spotlight-RPC heap OOB read via unbounded toc_index in sl_unpack_loop
Sole reporter
Missing range validation on server quantum config leads to DoS
Sole reporter
These CVEs were discovered through our security research program. The same techniques and tools power the scans we run for our clients.
Get your free report