151 matches found
CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
CVE-2025-26399
SolarWinds Web Help Desk (WHD) is affected by CVE-2025-26399, an unauthenticated AjaxProxy deserialization vulnerability that enables remote code execution. This is a patch bypass of CVE-2024-28988 (and 2024-28986). In-the-wild activity and security guidance from Microsoft indicate unauthenticate...
CVE-2025-55732
Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...
CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...
CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...
PT-2025-34075
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2 Frappe versions prior to 14.96.15 Description: Frappe is a full-stack web application framework. Prior to versions 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted...
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...
Linux Distros Unpatched Vulnerability : CVE-2025-38001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
NTLM/SMB Hardening & Threat Hunt Toolkit Author: w01f...
CVE-2025-53770 - Zero-day exploitation in the wild of Microsoft SharePoint servers
Overview On Saturday July 19, 2025, Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution RCE vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure fro...
CVE-2025-49002
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...
CVE-2025-49002
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...
CVE-2025-49002
DataEase (open source BI/visualization) contains a vulnerability in versions prior to 2.10.10 where a patch for CVE-2025-32966 can be bypassed due to case-insensitive handling, specifically when INIT and RUNSCRIPT are prohibited. The issue is fixed in v2.10.10. A GitHub exploit post (DataEase_Pos...
CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...
CVE-2025-48999
DataEase (open source BI/data viz) contains a vulnerability tied to CVE-2025-46566 bypassed in versions before 2.10.10. In a malicious payload, getUrlType() returns hostName; since the judgment is false, the code path is not filtered and the payload can be concatenated at the replace location to ...
CVE-2025-48998
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...
CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...
PT-2025-23669 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 Description: A bypass of the patch for a previous issue exists, allowing for the construction of a malicious JDBC statement. In a malicious payload, the getUrlType function retrieves the hostName. Since the...
Critical Veeam Backup & Replication CVE-2025-23120
Update Friday, March 28, 2025:Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch for CVE-2025-23120. Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure...
Patch bypass (Insufficient Patch) of CVE-2024-8736 leads to DoS
This report is not public...