Browse all 9 CVE security advisories affecting ctfer-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ctfer-io operates as a vulnerability coordination platform connecting security researchers with organizations to identify and remediate security flaws. Historically, the platform has facilitated the discovery of diverse vulnerability classes, with notable emphasis on remote code execution (RCE), cross-site scripting (XSS), and privilege escalation weaknesses. While no major public security incidents have been directly attributed to ctfer-io, its role in vulnerability disclosure has occasionally involved contentious cases where researchers and organizations disputed the validity or severity of reported findings. The platform maintains a moderate CVE count of 9, reflecting its specialized focus on coordinated vulnerability research rather than broad security auditing.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32768 | Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace — chall-managerCWE-284 | 9.1 | - | 2026-03-20 |
| CVE-2025-53634 | Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks — chall-managerCWE-770 | 7.5AI | HighAI | 2025-07-10 |
| CVE-2025-53633 | Chall-Manager's scenario decoding process does not check for zip bombs — chall-managerCWE-405 | 9.1AI | CriticalAI | 2025-07-10 |
| CVE-2025-53632 | Chall-Manager's scenario decoding process does not check for zip slips — chall-managerCWE-22 | 7.5AI | HighAI | 2025-07-10 |
This page lists every published CVE security advisory associated with ctfer-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.