Verified Security Research

31 Vulnerabilities. 48 Hours.

Every finding confirmed with AddressSanitizer (20+ test runs each) and independently validated by three commercial LLMs before reporting to vendors.

Vulnerabilities

discovered in 48 hours

MITRE Tickets

confirmed

8.5

Average CVSS

across high-severity findings

Critical (9.0+)

including one CVSS 10.0

Projects Audited

open-source automotive + web

Automotive CVEs

affecting real vehicles

Confirmed MITRE Tickets

Confirmed MITRE tickets and CVSS scores
MITRE #	Domain	Vulnerability	CVSS
#2014701	Frontend Framework SSR	SSTI → Remote Code Execution	10.0
#2014716	Automotive OS	Widget Zip Slip → RCE	9.8
#2014740	CAN TCP Gateway	Stack Buffer Overflow	9.8
#2014747	CAN-over-Ethernet	Heap Overflow (UDP/TCP/SCTP)	9.8
#2014750	Vehicle Monitoring	GVRET Frame Triple Overflow	9.8
#2013193	Automotive OS Core	Unauthenticated Privilege Escalation	7.8
#2014714	Automotive CAN Service	UDS Stack Buffer Overflow	7.8
#2014719	Automotive CAN Protocol	ISO-TP Out-of-Bounds Read	7.1
#2014728	Heavy Vehicle Protocol	Integer Underflow → OOB Write	8.2
#2014734	CAN Protocol Library	ISO-TP Nibble OOB Read	7.1
#2014736	Heavy Vehicle Protocol (fork)	TP Integer Underflow	8.2
#2014758	Embedded IPC Framework	ELF Loader Integer Overflow	8.1
#2013988	Frontend Framework SSR	Event Handler Filter Bypass → XSS	7.2

All findings under coordinated disclosure. CVE IDs will be published after vendor patches are released.

Cerberus Protocol — Our Methodology

AI-Augmented Triage

Three commercial LLMs independently analyze source code for vulnerability patterns. Consensus ≥ 2/3 required to proceed.

ASAN Verification

20+ AddressSanitizer test runs per finding with varied parameters. 100% crash rate on overflow inputs, 100% clean on normal inputs.

Cross-Validation

Each finding independently confirmed by Gemini, GLM-5, and Kimi-K2. Only 3/3 unanimous confirmations are reported to vendors.

Research methodology cross-links

Follow the evidence chain from the public research timeline to the full methodology, Trust Center, and productized scanner proof.

Evidence trail

AI-assisted audit method

Read methodology article

Explains target selection, three-model validation, dynamic verification, false-positive handling, and disclosure boundaries.

Claims tied to sources

Trust evidence hierarchy

Connects the research record to security.txt, public engineering surface, and buyer-verifiable evidence paths.

CVE benchmark proof

Nora Scan product proof

Shows how the vulnerability-research workflow maps into the Nora Scan product surface and proof module.

Disclosure Timeline

Mar 25, 2026

Vulnerability reports sent to Vue.js, AGL, OVMS3, OpenAMP, socketcand, cannelloni, J1939 maintainers

Mar 26, 2026

15 MITRE tickets confirmed. All CVE requests acknowledged.