Deserialization

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

• Vulnerability Report

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

Do Son September 9, 2025 0

Today, SAP released 21 new Security Notes and 4 updates as part of its monthly Security Patch...

Read More Read more about SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

PoC Published for Remote Code Execution Flaw in Microsoft IIS Web Deploy

• Vulnerability

PoC Published for Remote Code Execution Flaw in Microsoft IIS Web Deploy

Do Son September 3, 2025 1

Security researcher Batuhan Er of HawkTrace has been credited by Microsoft for uncovering CVE-2025-53772, a critical remote...

Read More Read more about PoC Published for Remote Code Execution Flaw in Microsoft IIS Web Deploy

CVE-2025-6507 (CVSS 9.8): Critical H2O-3 Vulnerability Puts Machine Learning at Risk

• Vulnerability Report

CVE-2025-6507 (CVSS 9.8): Critical H2O-3 Vulnerability Puts Machine Learning at Risk

Do Son September 2, 2025 0

H2O-3, a widely used open-source platform for distributed and scalable machine learning, has been found vulnerable to...

Read More Read more about CVE-2025-6507 (CVSS 9.8): Critical H2O-3 Vulnerability Puts Machine Learning at Risk

Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase

• Vulnerability Report

Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase

Do Son August 26, 2025 0

Security researchers have disclosed two critical vulnerabilities in DataEase, an open-source business intelligence (BI) tool designed for...

Read More Read more about Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase

CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software

• Vulnerability Report

CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software

Do Son July 14, 2025 0

Axis Communications has issued a security advisory for a critical vulnerability affecting several of its flagship software...

Read More Read more about CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software

Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution

• Vulnerability Report

Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution

Do Son July 11, 2025 0

A recent technical deep-dive by Synacktiv has exposed a serious yet often overlooked risk in Laravel—the popular...

Read More Read more about Laravel Flaw: Leaked APP_KEY Turns Into Remote Code Execution

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

• Vulnerability Report

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Do Son July 4, 2025 0

A newly disclosed vulnerability in HIKVISION’s widely deployed security management platform, applyCT (previously known as HikCentral), has...

Read More Read more about Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

• Vulnerability Report

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

Do Son June 27, 2025 0

IBM has issued a security alert regarding a high-severity vulnerability—CVE-2025-36038—affecting WebSphere Application Server versions 8.5 and 9.0....

Read More Read more about CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

Legacy vBulletin 4.x Patch Backfires: RCE via Signed Base64 Payloads and a Full PoC

• Vulnerability

Legacy vBulletin 4.x Patch Backfires: RCE via Signed Base64 Payloads and a Full PoC

Do Son June 7, 2025 0

Security researcher Egidio Romano (EgiX) uncovers a fascinating PHP Object Injection (POI) vulnerability in legacy versions of...

Read More Read more about Legacy vBulletin 4.x Patch Backfires: RCE via Signed Base64 Payloads and a Full PoC

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

• Vulnerability Report

CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

Do Son June 5, 2025 0

A newly disclosed vulnerability in the Auth0 PHP SDK—a widely-used authentication toolkit with over 16 million downloads—poses...

Read More Read more about CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately!

• Vulnerability Report

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately!

Do Son June 2, 2025 0

Roundcube Webmail, a widely-used browser-based IMAP client, has patched a critical security vulnerability, tracked as CVE-2025-49113 (CVSS...

Read More Read more about Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately!