Resources
Explore our contributions to the open-source community and our security vulnerability research/findings.
Open Source Projects
TechniqueRAG: Retrieval Augmented Generation for Adversarial Technique Annotation in Cyber Threat Intelligence Text
Accurately identifying adversarial techniques in security texts is critical for
AZERG STIX Entity and Relationship Extractor
AZERG is a framework for automatically extracting Structured Threat Information Expression
LLMxCPG: Context-Aware Vulnerability Detection Through Code Property Graph-Guided Large Language Models
Software vulnerabilities present a persistent security challenge, with over 25,000
Security Vulnerability Findings
CVE-2026-1801 in libsoup
libsoup contains an HTTP request smuggling vulnerability in its chunked transfer encoding parser. The library accepts lone LF (\n) characters instead of requiring CRLF (\r\n) as mandated by RFC 9112,
CVE-2025-51602 in VLC Media Player
As part of our ongoing efforts in vulnerability analysis at QCRI, we discovered a new out-of-bounds read vulnerability in the MMS component of VLC Media Player (CVE-2025-51602). The vulnerability
CVE-2025-6170 in libxml2
We discovered a vulnerability in gnome/libxml2 in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does
CVE-2025-6021 in libxml2
We discovered a vulnerability in gnome/libxml2 in the xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption
CVE-2025-6491 in php-src
We discovered a vulnerability in php/php-src (the core source code for the PHP programming language): if a SoapVar instance is created with a fully qualified name larger than 2G, this will