192412 matches found
CVE-2025-48840
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request...
CVE-2025-48840
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request...
CVE-2025-54820
A Stack-based Buffer Overflow vulnerability CWE-121 vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is...
CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...
How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
Artificial Intelligence AI is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" f...
CVE-2025-41757
A low-privileged remote attacker can abuse the backup restore functionality of UBR ubr-restore which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system...
CVE-2025-61614
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...
CVE-2026-3814
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to t...
ASP.NET Core Denial of Service Vulnerability
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...
Windows Authentication Elevation of Privilege Vulnerability
Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
Windows Device Association Service Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Device Association Service allows an authorized attacker to elevate privileges locally...
Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally...
MapUrlToZone Security Feature Bypass Vulnerability
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Integer overflow or wraparound in Windows Routing and Remote Access Service RRAS allows an authorized attacker to execute code over a network...
GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
Windows Kerberos Security Feature Bypass Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network...
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge CAPTCHA. The lure is design...
CVE-2026-2741
CVE-2026-2741 affects Vaadin’s build process which automatically downloads and extracts Node.js when not installed locally. A path traversal flaw in specially crafted ZIP archives can make files be written outside the intended extraction directory during Node.js download/extraction for Vaadin ver...
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage ...