Constantinos Patsakis

5 exploits Active since Oct 2017
CVE-2025-61301 GITHUB HIGH python WRITEUP
CAPEv2 - Denial of Service via Oversized Behavior Data
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.
2 stars
CVSS 7.5
CVE-2025-61301 NOMISEC HIGH WORKING POC
CAPEv2 - Denial of Service via Oversized Behavior Data
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.
2 stars
CVSS 7.5
CVE-2025-61303 NOMISEC CRITICAL WORKING POC
Hatching Triage Sandbox Windows 10 build 2004 and LTSC 2021 - Denial-of-Analysis via Recursive Child Process Spawning
Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample recursively spawns a large number of child processes, generating high log volume and exhausting system resources. As a result, key malicious behavior, including PowerShell execution and reverse shell activity, may not be recorded or reported, misleading analysts and compromising the integrity and availability of sandboxed analysis results.
2 stars
CVSS 9.8
CVE-2025-67221 NOMISEC HIGH WORKING POC
orjson < 3.11.4 - Denial of Service via Deeply Nested JSON Documents
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
1 stars
CVSS 7.5
CVE-2017-0807 NOMISEC CRITICAL WORKING POC
Android <7.1.2 - Privilege Escalation
An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.
1 stars
CVSS 9.8