IR Trends Q1 2025: Phishing soars as identity-based attacks persist

Phishing attacks spiked this quarter as threat actors leveraged this method of initial access in half of all engagements, a vast increase from previous quarters. Conversely, the use of valid accounts for initial access was rarely seen this quarter, despite being the top observed method in 2024,...

Exploit for Unrestricted Upload of File with Dangerous Type in Boxbilling

CVE-2022-3552 In order to exploit the vulnerability in BoxBli...

CVE-2021-47664

Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames...

CVE-2025-27927

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...

CVE-2025-31941

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

DEBIAN-CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

UBUNTU-CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

CVE-2025-20150 Cisco Nexus Dashboard Username Enumeration Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...

CVE-2025-27927

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...

CVE-2025-27927

CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...

CVE-2025-31941

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

📄 SilverStripe 5.3.8 Cross Site Scripting

SilverStripe version 5.34.8 suffers from a persistent cross site scripting vulnerability. Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link:...

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

Exploit for Code Injection in Ispconfig

CVE-2023-46818-Exploit This is my own exploit for CVE-2023-468...

CVE-2025-22375

An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instanc...

CVE-2025-22375

Summary of CVE-2025-22375 (Videx CyberAudit-Web): A logic flaw in CyberAudit-Web allows an attacker to bypass authentication and obtain a valid session without credentials. This affects versions prior to 9.5; patches exist for all instances, including End of Maintenance (EOM) versions, and custom...

RubyGems: Memory leak in gem decode logic can allow attacker to take down Rubygems.org application

A memory leak vulnerability was discovered in the gem decode logic of the Rubygems.org application. The vulnerability allowed an attacker with a valid API key to set arbitrary instance variables during the decoding of gem metadata, which would cause the server to exhaust its memory. The issue was...

Malicious code in valid-ip-ban (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8178b30a109e454369e72c1f8e3c53686457f2af96fee398ca102ad91681e92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3134 Malicious code in valid-ip-scope (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7465414603f3c8dda0d63ea47cec0337ce0286407a8c488100a46b5a78a5b49d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...