Lucene search
9801 matches found

GithubExploit
added 2026/02/04 8:56 a.m. · 147 views

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

5.6 AI score
Exploits: 0

Nuclei
added 2026/02/04 7:00 a.m. · 16 views

SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization

SolarWinds Web Help Desk before version 12.8.3 contains a critical Java deserialization vulnerability that enables remote code execution. Attackers can exploit this flaw to execute arbitrary commands on the host machine. Initially reported as unauthenticated, SolarWinds was unable to reproduce...

9.8 CVSS · 8.7 AI score · 0.8833 EPSS
Exploits: 1 · References: 3

SUSE CVE
added 2026/02/04 12:41 a.m. · 5 views

SUSE CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS · 5.9 AI score · 0.02078 EPSS
Exploits: 0 · References: 3

F5 Networks
added 2026/02/03 8:57 p.m. · 9 views

K000159874: SSSD vulnerability CVE-2025-11561

Security Advisory Description: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is...

8.8 CVSS · 5.4 AI score · 0.00768 EPSS
Exploits: 0

OSV
added 2026/02/03 8:37 p.m. · 5 views

GO-2026-4335 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment in github.com/fleetdm/fleet

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment in github.com/fleetdm/fleet...

9.8 CVSS · 5.2 AI score · 0.00226 EPSS
Exploits: 0 · References: 2

CVE
added 2026/02/03 4:59 p.m. · 8 views

CVE-2026-24667

CVE-2026-24667 concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, the system failed to invalidate active user sessions after a password change, allowing existing session tokens to remain usable and potentially granting unauthorized continued access to user accounts. Th...

5 CVSS · 5.3 AI score · 0.00129 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2026/02/03 4:59 p.m. · 6 views

CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

5 CVSS · 5.2 AI score · 0.00129 EPSS
Exploits: 0 · References: 1

Cvelist
added 2026/02/03 4:59 p.m. · 29 views

CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

5 CVSS · 0.00129 EPSS
Exploits: 0 · References: 1

OSV
added 2026/02/03 4:59 p.m. · 7 views

CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

5 CVSS · 5.3 AI score · 0.00129 EPSS
Exploits: 0 · References: 3

GithubExploit
added 2026/02/03 2:02 p.m. · 159 views

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Sentinel CVE-2025-55182 Next.js / React Server Components...

10 CVSS · 5.7 AI score · 0.99562 EPSS
Exploits: 372

NVD
added 2026/02/03 4:15 a.m. · 8 views

CVE-2026-24936

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

9.8 CVSS · 0.00779 EPSS
Exploits: 0 · References: 1

OSV
added 2026/02/03 4:15 a.m. · 5 views

CVE-2026-24936

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

9.8 CVSS · 6 AI score · 0.00779 EPSS
Exploits: 0 · References: 1

CVE
added 2026/02/03 3:50 a.m. · 51 views

CVE-2026-24936

CVE-2026-24936 affects ASUSTOR ADM: an improper input parameter validation flaw in a CGI program when a specific function is enabled during AD Domain join allows an unauthenticated remote attacker to write arbitrary data to any file, potentially leading to complete system compromise. Affected: AD...

9.8 CVSS · 5.8 AI score · 0.00779 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2026/02/03 3:50 a.m. · 8 views

EUVD-2026-5316

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

9.5 CVSS · 5.8 AI score · 0.00779 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/03 12:00 a.m. · 6 views

PT-2026-6510

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment in github.com/fleetdm/fleet...

5.5 AI score
Exploits: 0 · References: 3

RedHat Linux
added 2026/02/02 3:41 p.m. · 3 views

kernel: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable()

A use-after-free flaw was found in Multipath TCP in the Linux kernel in net/mptcp/ctrl.c:mptcp_active_enable() due to a concurrency problem. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...

5.8 AI score · 0.00172 EPSS
Exploits: 0 · References: 5

Trellix
added 2026/02/02 12:00 a.m. · 7 views

The Crown Jewels of Active Directory: How Trellix Helix Detects NTDS.dit Theft

By Adithya Chandra and Maulik Maheta · February 2, 2026. Executive summary: Active Directory serves as the central repository for an organization's authentication infrastructure. Malicious actors frequently focus on...

6.2 AI score
Exploits: 0

NVD
added 2026/01/30 9:15 p.m. · 4 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS · 0.02078 EPSS
Exploits: 0 · References: 4

OSV
added 2026/01/30 9:15 p.m. · 2 views

UBUNTU-CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS · 6 AI score · 0.02078 EPSS
Exploits: 0 · References: 9

Vulnrichment
added 2026/01/30 8:11 p.m. · 3 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

9.2 CVSS · 5.7 AI score · 0.02078 EPSS
Exploits: 0 · References: 1