Exploit for External Control of File Name or Path in Microsoft

CVE-2025-24054 PoC A simple Proof of Concept for CVE-2025-2...

EUVD-2023-55519

Malicious code in bioql PyPI...

CVE-2023-50786

Dradis through 4.16.0 allows referencing external images resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

PT-2025-28033 · Dradis · Dradis

Name of the Vulnerable Software and Affected Versions: Dradis versions through 4.16.0 Description: Dradis allows referencing external images over HTTPS instead of requiring the use of embedded images. This can be exploited by an authorized author to attempt to steal the Net-NTLM hashes of other...

CVE-2023-50786

Dradis through 4.16.0 allows referencing external images resources over HTTPS, instead of forcing the use of embedded uploaded images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network...

CVE-2023-50786

CVE-2023-50786 affects Dradis 4.16.0 and earlier, where references to external HTTPS images are allowed instead of forcing embedded images. This can enable an authorized author to attempt theft of Net-NTLM hashes from other authors on a Windows domain network. Remediation: upgrade to a version th...

CVE-2023-46595

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. The vulnerabilities allow a malicious person to perform execute attacks that can result in the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Spoofing Access to sensitive data Increased user...

Amazon AWS VPN Client 信息泄露漏洞

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com. Amazon AWS VPN Client for Windows version 2.0.0 is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to disclose a user's Net-NTLMv2 hash to an external server...

Claromentis Discuss 1.2.1 Cross Site Scripting

Issue: Stored Cross site Scripting XSS on Discuss Module v1.2.1 in Claromentis intranet application Reserved CVE: CVE-2018-15903 Vulnerability OverviewThe Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to Stored Cross Site Scripting XSS. An authenticated attacker is able to place...