What This Vulnerability Research Portfolio Represents
Discoveries That Matter
Our vulnerability research team reverse engineers your enterprise software to find the 0-days that threaten your infrastructure - before attackers do.


Enterprise Focus
The vulnerabilities below affect systems organizations use: SAP. IBM. Check Point. F5. BMC. Microsoft. Rapid7. Cyberark.


Current Research
We identified a wide range of CVEs across various industries - each of the vulnerabilities has been assigned a threat level ranging from critical to low. We pride ourselves on beating others to identify critical CVEs in large infrastructure for organisations such as IBM and Microsoft.
Heap Buffer Overflow in vifm History Merge via Crafted vifminfo.json





Integer Overflow in simdjson Leading to Out-of-Bounds Read





Reflected Cross-Site Scripting in ATutor /install/install.php





Reflected Cross-Site Scripting in ATutor /install/upgrade.php





Insecure Directory Permissions in GNU nano Leading to Privilege Abuse





Race Condition in GNU Sed





bzip2recover Off-by-One Error Leading to Global Buffer Overflow





Authorization Bypass Through User-Controlled Key in OutSystems Lifetime





Path traversal in Vim < v9.2.0280





Authorization Bypass in MLflow AJAX Endpoint





Stored XSS via unsafe YAML parsing in MLflow





F5 BIG-IP Configuration Utility - Reflected Content Injection





TCC bypass via misconfigured Node fuses in Cursor AI code editor allows unauthorized access to protected macOS resources





Privilege escalation via get-task-allow entitlement in Invoice Ninja allows attackers to debug and manipulate the application process on macOS




TCC bypass via inherited permissions in bundled Python interpreter in GIMP.app allows scripts to access protected resources




We map your systems before testing how they break.
That's why critical findings usually show up outside the original scope - attackers don't respect scope documents.
Security Assessment Services FAQ
Questions enterprise security teams ask before partnering with AFINE for security assessments.



