CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

SOAPwn: Pwning .NET Framework Applications through HTTP Client Proxies and WSDL

This is a whitepaper which supplements the BlackHat Europe 2025 presentation called "SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies and WSDL". In this whitepaper, the author presents new exploitation sinks in .NET Framework, which may allow an attacker to achieve either...

CVE-2025-34393 Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or...

Barracuda Service Center 安全漏洞

Barracuda Service Center is a service center software from Barracuda USA. A security vulnerability exists in Barracuda Service Center versions prior to 2025.1.1 that originates from a URL defined in a WSDL under the control of an unauthenticated attacker, which could lead to arbitrary file writin...