Lucene search
18 matches found

VulnCheck KEV
added 2026/05/21 12:0 a.m. | 25 views

VulnCheck KEV: CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output,...

10 CVSS | 5.8 AI score | 0.07956 EPSS
In wild | Exploits 1 | References 4

GithubExploit
added 2025/12/16 8:1 a.m. | 128 views

Exploit for Path Traversal in Rarlab Winrar

!Window...

7.8 CVSS | 7 AI score | 0.06553 EPSS
Exploits 8

Talos Blog
added 2024/09/11 4:0 p.m. | 19 views

Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

Cisco Talos' Vulnerability Research team discovered two vulnerabilities have been disclosed and fixed over the past few weeks. Talos discovered a time-of-check time-of-use vulnerability in Adobe Acrobat Reader, one of the most popular PDF readers currently available, and an information disclosure...

7.5 CVSS | 9.4 AI score | 0.04334 EPSS
Exploits 0

Talos Blog
added 2024/02/28 5:0 p.m. | 36 views

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Cisco Talos has disclosed more than 30 vulnerabilities in February, including seven in Adobe Acrobat Reader, one of the most popular PDF editing and reading software currently available. Adversaries could exploit these vulnerabilities to trigger the reuse of a previously freed object, thus causin...

7.5 CVSS | 9.5 AI score | 0.01617 EPSS
Exploits 19

GithubExploit
added 2023/11/03 1:5 p.m. | 22 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 An Exploitation script developed to exploit the...

10 CVSS | 8.6 AI score | 0.94013 EPSS
Exploits 25

GithubExploit
added 2023/11/03 1:5 p.m. | 446 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 An Exploitation script developed to exploit the...

10 CVSS | 8.5 AI score | 0.94013 EPSS
Exploits 25

Github Security Blog
added 2023/10/25 9:30 p.m. | 39 views

Ingress nginx annotation injection causes arbitrary command execution

Issue Details A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx...

8.8 CVSS | 7.4 AI score | 0.04102 EPSS
Exploits 0 | References 6 | Affected Software 1

Github Security Blog
added 2023/01/25 7:35 p.m. | 34 views

Privilege escalation in project role template binding (PRTB) and -promoted roles

Impact An issue was discovered in Rancher versions from 2.5.0 up to and including 2.5.16 and from 2.6.0 up to and including 2.6.9, where an authorization logic flaw allows privilege escalation via project role template binding PRTB and -promoted roles. This issue is not present in Rancher 2.7...

8.8 CVSS | 8.1 AI score | 0.00314 EPSS
Exploits 1 | References 4 | Affected Software 1

Trend Micro Simply Security
added 2022/04/06 12:0 a.m. | 73 views

Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™

We provide a guide to detecting Dirty Pipe, a Linux kernel vulnerability tracked as CVE-2022-0847...

7.2 CVSS | 2.9 AI score | 0.81981 EPSS
Exploits 100

Trellix
added 2022/01/27 12:0 a.m. | 31 views

Worming your way in through IIS - CVE-2022-21907

Worming your way in through IIS - CVE-2022-21907 By Trellix · January 27, 2022 This story was written by Eion Carroll. IIS HTTP Stack History In the first patch Tuesday of 2022, Microsoft released a patch for a wormable vulnerability CVE-2022-21907 within the IIS HTTP stack, or more specifically...

10 CVSS | 10 AI score | 0.91887 EPSS
Exploits 21

Trellix
added 2021/09/22 12:0 a.m. | 9 views

Detecting Credential Stealing Attacks Through Active In-Network Defense

ARCHIVED STORY Detecting Credential Stealing Attacks Through Active In-Network Defense By Chintan Shah · September 22, 2021 Executive Summary Today, enterprises tend to use multiple layers of security defenses, ranging from perimeter defense on network entry points to host based security solution...

1.1 AI score
Exploits 0

Information Security Automation
added 2021/07/05 3:19 p.m. | 423 views

Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape

Hello guys! The second episode of Last Week’s Security news from June 28 to July 4. The most interesting vulnerability of the last week is of course Microsoft Print Spooler "PrintNightmare". By sending an RpcAddPrinterDriverEx RPC request, for example over SMB, a remote, authenticated attacker ma...

10 CVSS | 1.1 AI score | 0.94386 EPSS
Exploits 83

Kitploit
added 2020/10/31 11:30 a.m. | 29 views

Nethive-Project - Restructured And Collaborated SIEM And CVSS Infrastructure

The Nethive Project provides a Security Information and Event Management SIEM infrastructure empowered by CVSS automatic measurements. Features Machine Learning powered SQL Injection Detection Server-side XSS Detection based on Chrome's XSS Auditor Post-exploitation Detection powered by Auditbea...

7.8 AI score
Exploits 0 | References 3

The Hacker News
added 2020/09/29 5:26 p.m. | 214 views

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...

10 CVSS | 0.7 AI score | 0.9438 EPSS
Exploits 75

myhack58
added 2013/07/22 12:0 a.m. | 14 views

B2Bbuilder injection vulnerability+Exp+the default administrator account-vulnerability warning-the black bar safety net

The test version of the program is: B2Bbuilderv6. 6 http://www.site.com/?m=offer&s=offerlist&id=1 0 0 4+and%28select+1+from%28select+count%2 8%2 9%2Cconcat%2 8% 2 8 select+%28select+%28select+concat%280x27%2C0x7e%2Cb2bbuilderadmin. user,0x27,password %2C0x27%2C0x7e%2 9+from+%60b2bbuilder%6 0...

2.8 AI score
Exploits 0

htbridge
added 2011/03/03 12:0 a.m. | 21 views

Cross-site Scripting (XSS) Vulnerabilities in Rating-Widget

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Rating-Widget WordPress plugin which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Rating-Widget 1.1 The vulnerability exists due to input sanitation...

2.6 CVSS | 6.5 AI score
Exploits 0 | Affected Software 1

myhack58
added 2009/12/15 12:0 a.m. | 14 views

To bypass the'Access Denied'-a vulnerability warning-the black bar safety net

jackal registerglobals = On ? php $sqlcontent = "? PHP exit’Access Denied’; ?& gt;".$ p."\ n"; fileputcontents$logfile, $sqlcontent; ?& gt;exp-demo. php? logfile=php://filter/write=convert. base64-decode/resource=abc. php&p=aPD9waHAgcGhwaW5mbygpOy8vPz4= http://marc.info/?l=full-disclosure& ... 7...

2.2 AI score
Exploits 0

securityvulns
added 2005/04/13 12:0 a.m. | 42 views

iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability

Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability iDEFENSE Security Advisory 04.12.05 www.idefense.com/application/poi/display?id=229&type=vulnerabilities April 12, 2005 I. BACKGROUND Internet Explorer is a set of core technologies in Microsoft Windows operating...

7.5 CVSS | 7.8 AI score | 0.75259 EPSS
Exploits 0