Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

trailofbits — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting trailofbits. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Trail of Bits provides security auditing, penetration testing, and vulnerability research services, focusing on securing critical infrastructure and software systems. Their vulnerability record primarily includes remote code execution, cross-site scripting, and privilege escalation flaws, often in complex applications and cryptographic implementations. The firm is known for its deep technical expertise and contributions to open-source security tools. While no major security incidents have been publicly attributed to the organization, their work frequently involves analyzing high-stakes systems in finance, blockchain, and government sectors. Their CVEs typically demonstrate sophisticated exploitation techniques in enterprise environments and custom cryptographic implementations.

Top products by trailofbits: fickling uthenticode rfc3161-client
CVE IDTitleCVSSSeverityPublished
CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code() — ficklingCWE-693 8.8 High2026-07-04
CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit) — ficklingCWE-184 8.8 High2026-07-04
CVE-2026-33753 Improper Certificate Validation in rfc3161-client — rfc3161-clientCWE-295 6.2 Medium2026-04-08
CVE-2026-22612 Fickling vulnerable to detection bypass due to "builtins" blindness — ficklingCWE-502 9.1 -2026-01-10
CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist — ficklingCWE-184 9.8 -2026-01-10
CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection — ficklingCWE-184 9.8 -2026-01-10
CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run() — ficklingCWE-184 9.8 -2026-01-10
CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module() — ficklingCWE-184 9.8 -2026-01-10
CVE-2025-67748 Fickling has Code Injection vulnerability via pty.spawn() — ficklingCWE-184 9.1AICriticalAI2025-12-16
CVE-2025-67747 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list — ficklingCWE-184 8.4AIHighAI2025-12-16
CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures — rfc3161-clientCWE-347 7.5AIHighAI2025-06-21
CVE-2023-39969 uthenticode signature validation bypass vulnerability — uthenticodeCWE-347 9.1 Critical2023-08-09
CVE-2023-40012 uthenticode EKU validation bypass — uthenticodeCWE-325 5.9 Medium2023-08-09

This page lists every published CVE security advisory associated with trailofbits. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.