PoC

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

Cloudflare, Don't miss, framework, Hot stuff, News, Next.js, open source, PoC, ProjectDiscovery, vulnerability, web application security, web development /

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) 2025-03-24 at 15:17 By Zeljka Zorz A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel). […]

React to this headline:

Loading spinner

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) Read More »

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

backup, disaster recovery, Don't miss, enterprise, Hot stuff, MSP, Nakivo, News, PoC, SMBs, vulnerability, WatchTowr /

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has

React to this headline:

Loading spinner

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

backup, Don't miss, enterprise, Hot stuff, News, PoC, Rapid7, SMBs, Veeam Software, vulnerability, WatchTowr /

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) 2025-03-20 at 14:29 By Zeljka Zorz Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the

React to this headline:

Loading spinner

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Read More »

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)

CVE, Don't miss, Hot stuff, MITRE, News, open source, PoC, red team, training /

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) 2025-02-28 at 17:03 By Zeljka Zorz Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE Caldera MITRE Caldera is a platform built on the

React to this headline:

Loading spinner

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) Read More »

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

Don't miss, endpoint management, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC /

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) 2025-02-24 at 16:18 By Zeljka Zorz A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials

React to this headline:

Loading spinner

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) Read More »

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities

Ivanti, PoC, Vulnerabilities, vulnerability /

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities 2025-02-20 at 13:47 By Ionut Arghire Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available. The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities Read More »

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)

Assetnote, Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, PoC, security update /

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) 2025-02-13 at 13:17 By Zeljka Zorz Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public. “Palo Alto Networks is not aware of any malicious exploitation

React to this headline:

Loading spinner

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) Read More »

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco, Don't miss, Hot stuff, News, PoC, security update, video conferencing, vulnerability /

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw 2025-01-23 at 15:03 By Zeljka Zorz Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint

React to this headline:

Loading spinner

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw Read More »

Mitel MiCollab zero-day and PoC exploit unveiled

0-day, collaboration, CVE, Don't miss, enterprise, Hot stuff, Mitel, News, PoC, WatchTowr /

Mitel MiCollab zero-day and PoC exploit unveiled 2024-12-05 at 16:32 By Zeljka Zorz A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit that chains together this zero-day file read vulnerability

React to this headline:

Loading spinner

Mitel MiCollab zero-day and PoC exploit unveiled Read More »

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

CVE, Don't miss, enterprise, exploit, Hot stuff, network monitoring, News, PoC, Progress, Tenable, vulnerability /

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) 2024-12-04 at 13:38 By Zeljka Zorz Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a

React to this headline:

Loading spinner

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) Read More »

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

CVE, Don't miss, Horizon3.ai, Hot stuff, News, Palo Alto Networks, PoC, vulnerability /

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) 2024-11-08 at 13:36 By Zeljka Zorz A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys

React to this headline:

Loading spinner

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) Read More »

Exploited: Cisco, SharePoint, Chrome vulnerabilities

brute-force, Chrome, CISA, Cisco, Don't miss, enterprise, exploit, Hot stuff, Kaspersky, News, PoC, SharePoint, vulnerability /

Exploited: Cisco, SharePoint, Chrome vulnerabilities 2024-10-25 at 13:33 By Zeljka Zorz Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its

React to this headline:

Loading spinner

Exploited: Cisco, SharePoint, Chrome vulnerabilities Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

authentication, Don't miss, exploit, GitLab, Hot stuff, News, PoC, ProjectDiscovery, security update, Synactiv, vulnerability /

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

CVE, Don't miss, exploit, Hot stuff, News, PoC, ProjectDiscovery, Proofpoint, Synacor, vulnerability /

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) 2024-10-02 at 14:16 By Zeljka Zorz Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and

React to this headline:

Loading spinner

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) Read More »

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE

CVE, Don't miss, Hot stuff, Linux, News, PoC, Rapid7, Red Hat, Tenable, vulnerability /

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE 2024-09-27 at 13:31 By Zeljka Zorz After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day vulnerabilities in the Common UNIX Printing System (CUPS) that can be abused by remote, unauthenticated attackers to

React to this headline:

Loading spinner

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE Read More »

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

CVE, Don't miss, education, enterprise, Government, Horizon3.ai, Hot stuff, MSP, News, PoC, SMBs, SolarWinds, vulnerability /

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) 2024-09-25 at 17:17 By Zeljka Zorz Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When

React to this headline:

Loading spinner

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) Read More »

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

CVE, Don't miss, enterprise, exploit, Hot stuff, Ivanti, News, PoC, vulnerability /

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) 2024-09-25 at 12:46 By Zeljka Zorz CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities

React to this headline:

Loading spinner

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) Read More »

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE, Don't miss, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC, secure communications, vulnerability /

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) 2024-09-17 at 13:02 By Zeljka Zorz CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have published their

React to this headline:

Loading spinner

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) Read More »

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

Adobe, Adobe Reader, Check Point, Don't miss, Expmon, Hot stuff, News, PoC, security update, vulnerability /

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) 2024-09-12 at 15:16 By Zeljka Zorz Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory

React to this headline:

Loading spinner

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) Read More »

Chinese APT40 group swifly leverages public PoC exploits

APT, Australia, China, CISA, Don't miss, Hot stuff, News, PoC, web application, web shell /

Chinese APT40 group swifly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda

React to this headline:

Loading spinner

Chinese APT40 group swifly leverages public PoC exploits Read More »

Scroll to Top