192070 matches found

GithubExploit
added 2026/04/16 4:40 p.m., 300 views

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

CVSS 9.9, AI score 7.2, EPSS 0.75197
Exploits: 26

RedHat Linux
added 2026/04/16 2:50 p.m., 3 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users...

CVSS 7.5, AI score 5.8, EPSS 0.00787
Exploits: 0, References: 4

SUSE Linux
added 2026/04/16 1:34 p.m., 6 views

Security update for ovmf

This update for ovmf fixes the following issue: CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 5.7, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 4

OSV
added 2026/04/16 1:10 p.m., 5 views

OPENSUSE-SU-2026:20554-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894). - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895). -...

CVSS 8.2, AI score 5.8, EPSS 0.00456
Exploits: 6, References: 20

IBM Security Bulletins
added 2026/04/16 12:20 p.m., 4 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details: CVEID: CVE-2025-68146 DESCRIPTION: filelock is a...

CVSS 6.5, AI score 5.9, EPSS 0.00184
Exploits: 1, Affected Software: 1

EUVD
added 2026/04/16 9:31 a.m., 2 views

EUVD-2026-23212

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismaticencoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismaticdecode'...

CVSS 7.2, AI score 5.9, EPSS 0.00274
Exploits: 0, References: 3

NVD
added 2026/04/16 7:16 a.m., 2 views

CVE-2026-3876

The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismaticencoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'prismaticdecode'...

CVSS 7.2, EPSS 0.00274
Exploits: 0, References: 2

Cvelist
added 2026/04/16 5:2 a.m., 28 views

CVE-2026-22617

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network-based attacker to intercept the cookie and exploit it through a man-in-the-middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on t...

CVSS 5.7, EPSS 0.00169
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/16 4:40 a.m., 3 views

CVE-2023-3634

In products of the MSE6 product family by Festo, a remote authenticated, low-privileged attacker could use functions of an undocumented test mode, which could lead to a complete loss of confidentiality, integrity and availability...

CVSS 8.8, AI score 5.8, EPSS 0.00504
Exploits: 0, References: 3

Cvelist
added 2026/04/16 3:36 a.m., 33 views

CVE-2026-5070 Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 6.4, EPSS 0.00194
Exploits: 0, References: 2

Cvelist
added 2026/04/16 3:36 a.m., 32 views

CVE-2026-3878 WP Docs <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]'

The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.4, EPSS 0.00209
Exploits: 0, References: 2

RedhatCVE
added 2026/04/16 2:14 a.m., 2 views

CVE-2026-6311

An uninitialized use flaw was found in the Accessibility component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498201025...

CVSS 9, AI score 5.7, EPSS 0.00273
Exploits: 0, References: 5

RedhatCVE
added 2026/04/16 1:22 a.m., 1 views

CVE-2026-5086

Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password...

CVSS 7.5, AI score 5.8, EPSS 0.00396
Exploits: 0, References: 1

Snyk
added 2026/04/16 12:47 a.m., 2 views

Symlink Attack

Overview: froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Symlink Attack via the DataDump.add process. An attacker can gain ownership of arbitrary directories and their contents by creating a symlink within their own directory that points to...

CVSS 7.7, AI score 5.9, EPSS 0.00414
Exploits: 1, References: 2

Positive Technologies
added 2026/04/16 12:0 a.m., 6 views

PT-2026-33340

Name of the Vulnerable Software and Affected Versions: Digital Knowledge KnowledgeDeliver versions prior to February 24, 2026. Description: Hard-coded ASP.NET/IIS machineKey values in standardized web.config files allow unauthenticated remote code execution. Attackers can use these shared keys to...

CVSS 9.1, AI score 6.4, EPSS 0.0081
Exploits: 0, References: 45

Positive Technologies
added 2026/04/16 12:0 a.m., 0 views

PT-2026-33250

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code...

CVSS 9.8, AI score 6.2, EPSS 0.00765
Exploits: 0, References: 2

Positive Technologies
added 2026/04/16 12:0 a.m., 5 views

PT-2026-33222

Name of the Vulnerable Software and Affected Versions: MuPDF mutool (affected versions not specified). Description: MuPDF mutool fails to sanitize PDF metadata fields before writing them to terminal output. This allows the injection of arbitrary ANSI escape sequences—codes used to control terminal...

CVSS 4.8, AI score 5.9, EPSS 0.00166
Exploits: 0, References: 14

Tenable Nessus
added 2026/04/16 12:0 a.m., 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : nghttp2 (SUSE-SU-2026:1350-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1350-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing sta...

CVSS 7.5, AI score 7.1, EPSS 0.0056
Exploits: 0, References: 4

Packet Storm News
added 2026/04/16 12:0 a.m., 0 views

Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence

Apple Intelligence is a generative AI (GenAI) service provided by Apple on its devices. While offering a similar set of features as other similar GenAI services, Apple Intelligence is claimed to be designed with an extra focus on user security and privacy through a two-stage authentication and...

AI score 5.6
Exploits: 0

Tenable Nessus
added 2026/04/16 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: cups (UTSA-2026-007170)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007170 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a...

CVSS 7.5, AI score 6.1, EPSS 0.00502
Exploits: 1, References: 4