A list of all named vulnerabilities, attack techniques and exploits. https://vulnerability.garden
(source: http://www.airmagnet.com/news/press_releases/2009/08252009.php) ]]> Mon, 27 Apr 2026 16:37:00 -0400 http://www.airmagnet.com/news/press_releases/2009/08252009.php /vulns/2026/2026-04-27-skyjack/
(source: http://pastebin.com/JBcih6wR) ]]> Mon, 27 Apr 2026 16:30:00 -0400 http://pastebin.com/JBcih6wR /vulns/2026/2026-04-27-escalateplowman/
(source: http://pastebin.com/JBcih6wR) ]]> Mon, 27 Apr 2026 16:26:00 -0400 http://pastebin.com/JBcih6wR /vulns/2026/2026-04-27-egregioiusblunder/
(source: https://shadowbrokers.tumblr.com/) ]]> Mon, 27 Apr 2026 16:17:00 -0400 https://shadowbrokers.tumblr.com/ /vulns/2026/2026-04-27-ebbisland/
(source: https://twitter.com/shadowbrokerss/status/764806012534030336) ]]> Mon, 27 Apr 2026 16:15:00 -0400 https://twitter.com/shadowbrokerss/status/764806012534030336 /vulns/2026/2026-04-27-benigncertain/
(source: https://shadowbrokers.tumblr.com/) ]]> Mon, 27 Apr 2026 16:11:00 -0400 https://shadowbrokers.tumblr.com/ /vulns/2026/2026-04-27-extremeparr/
(source: https://twitter.com/shadowbrokerss/status/764806012534030336) ]]> Mon, 27 Apr 2026 16:09:00 -0400 https://twitter.com/shadowbrokerss/status/764806012534030336 /vulns/2026/2026-04-27-epicbanana/
(source: https://twitter.com/shadowbrokerss/status/764806012534030336) ]]> Mon, 27 Apr 2026 15:57:00 -0400 https://twitter.com/shadowbrokerss/status/764806012534030336 /vulns/2026/2026-04-27-extrabacon/
(source: https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/) ]]> Mon, 27 Apr 2026 15:54:00 -0400 https://www.mimecast.com/blog/2017/08/introducing-the-ropemaker-email-exploit/ /vulns/2026/2026-04-27-ropemaker/
(source: https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc) ]]> Mon, 27 Apr 2026 15:50:00 -0400 https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc /vulns/2026/2026-04-27-ekuwu/
(source: https://www.forescout.com/blog/exploiting-serial-to-ethernet-converters-in-critical-infrastructure/) ]]> Fri, 24 Apr 2026 08:25:00 -0400 https://www.forescout.com/blog/exploiting-serial-to-ethernet-converters-in-critical-infrastructure/ /vulns/2026/2026-04-24-bridge-break/
(source: https://securelist.com/phantomrpc-rpc-vulnerability/119428/) ]]> Fri, 24 Apr 2026 08:22:00 -0400 https://securelist.com/phantomrpc-rpc-vulnerability/119428/ /vulns/2026/2026-04-24-phantomrpc/
(source: https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html) ]]> Wed, 22 Apr 2026 21:04:00 -0400 https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html /vulns/2026/2026-04-22-pack2theroot/
(source: https://medium.com/@iamkumarraj/godpotato-empowering-windows-privilege-escalation-techniques-400b88403a71) ]]> Wed, 22 Apr 2026 10:26:00 -0400 https://medium.com/@iamkumarraj/godpotato-empowering-windows-privilege-escalation-techniques-400b88403a71 /vulns/2026/2026-04-22-godpotato/
(source: https://www.thomashouhou.com/post/cookie-tossing-attacks/) ]]> Wed, 22 Apr 2026 10:15:00 -0400 https://www.thomashouhou.com/post/cookie-tossing-attacks/ /vulns/2026/2026-04-22-cookie-tossing/
(source: https://cloak-and-dagger.org) ]]> Wed, 22 Apr 2026 10:10:00 -0400 https://cloak-and-dagger.org /vulns/2026/2026-04-22-cloak-and-dagger/
(source: https://arxiv.org/pdf/2507.00847) ]]> Wed, 22 Apr 2026 10:04:00 -0400 https://arxiv.org/pdf/2507.00847 /vulns/2026/2026-04-22-stealtooth/
(source: https://dirtytooth.com) ]]> Wed, 22 Apr 2026 09:59:00 -0400 https://dirtytooth.com /vulns/2026/2026-04-22-dirtytooth/
(source: https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/) ]]> Wed, 22 Apr 2026 09:43:00 -0400 https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ /vulns/2026/2026-04-22-rohnp/
(source: https://github.com/Ridter/noPac) ]]> Wed, 22 Apr 2026 09:36:00 -0400 https://github.com/Ridter/noPac /vulns/2026/2026-04-22-nopac/
(source: https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks) ]]> Wed, 22 Apr 2026 01:11:00 -0400 https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks /vulns/2026/2026-04-22-slopsquatting/
(source: https://sites.google.com/view/bluetoothvul/home) ]]> Wed, 22 Apr 2026 00:59:00 -0400 https://sites.google.com/view/bluetoothvul/home /vulns/2026/2026-04-22-badbluetooth/
(source: https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/) ]]> Tue, 21 Apr 2026 13:30:00 -0400 https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/ /vulns/2026/2026-04-21-comment-and-control/
(source: https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/) ]]> Tue, 21 Apr 2026 09:11:00 -0400 https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/ /vulns/2026/2026-04-21-stagefright-2/
(source: https://bbqand0days.com/Pork-Explosion-Unleashed/) ]]> Tue, 21 Apr 2026 09:06:00 -0400 https://bbqand0days.com/Pork-Explosion-Unleashed/ /vulns/2026/2026-04-21-pork-explosion/
(source: https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/) ]]> Tue, 21 Apr 2026 08:58:00 -0400 https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/ /vulns/2026/2026-04-21-rootpipe/
(source: https://poodlebleed.com) ]]> Tue, 21 Apr 2026 08:51:00 -0400 https://poodlebleed.com /vulns/2026/2026-04-21-poodlebleed/
(source: https://jakearchibald.com/2018/i-discovered-a-browser-bug/) ]]> Tue, 21 Apr 2026 08:00:00 -0400 https://jakearchibald.com/2018/i-discovered-a-browser-bug/ /vulns/2026/2026-04-21-wavethrough/
(source: http://www.checkpoint.com/quadrooter) ]]> Tue, 21 Apr 2026 00:59:00 -0400 http://www.checkpoint.com/quadrooter /vulns/2026/2026-04-21-quadrooter/
(source: https://bastille.net/research/vulnerabilities/sirenjack) ]]> Tue, 21 Apr 2026 00:51:00 -0400 https://bastille.net/research/vulnerabilities/sirenjack /vulns/2026/2026-04-21-sirenjack/
(source: https://stringbleed.github.io) ]]> Tue, 21 Apr 2026 00:45:00 -0400 https://stringbleed.github.io /vulns/2026/2026-04-21-stringbleed/
(source: https://ringroadbug.com) ]]> Tue, 21 Apr 2026 00:40:00 -0400 https://ringroadbug.com /vulns/2026/2026-04-21-ring-road/
(source: https://riddle.link) ]]> Tue, 21 Apr 2026 00:37:00 -0400 https://riddle.link /vulns/2026/2026-04-21-the-riddle/
(source: https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html) ]]> Tue, 21 Apr 2026 00:29:00 -0400 https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html /vulns/2026/2026-04-21-pwnscriptum/
(source: http://phwned.com/) ]]> Tue, 21 Apr 2026 00:02:00 -0400 http://phwned.com/ /vulns/2026/2026-04-21-phwned/
(source: http://notoken.pl/) ]]> Mon, 20 Apr 2026 23:59:00 -0400 http://notoken.pl/ /vulns/2026/2026-04-20-notoken/
(source: https://sc1.checkpoint.com/misfortune-cookie/index.html) ]]> Mon, 20 Apr 2026 23:55:00 -0400 https://sc1.checkpoint.com/misfortune-cookie/index.html /vulns/2026/2026-04-20-misfortune-cookie/
(source: https://www.tenable.com/security/research/tra-2016-12) ]]> Mon, 20 Apr 2026 23:51:00 -0400 https://www.tenable.com/security/research/tra-2016-12 /vulns/2026/2026-04-20-lobster/
(source: https://web.archive.org/web/20170519015240/http://ghostbutt.com/) ]]> Mon, 20 Apr 2026 23:43:00 -0400 https://web.archive.org/web/20170519015240/http://ghostbutt.com/ /vulns/2026/2026-04-20-ghostbutt/
(source: https://biterrant.io/) ]]> Mon, 20 Apr 2026 23:39:00 -0400 https://biterrant.io/ /vulns/2026/2026-04-20-biterrant/
(source: http://www.antbleed.com/) ]]> Mon, 20 Apr 2026 23:35:00 -0400 http://www.antbleed.com/ /vulns/2026/2026-04-20-antbleed/
(source: https://sadlock.org/) ]]> Mon, 20 Apr 2026 23:17:00 -0400 https://sadlock.org/ /vulns/2026/2026-04-20-sadlock/
(source: http://backronym.fail/) ]]> Mon, 20 Apr 2026 23:10:00 -0400 http://backronym.fail/ /vulns/2026/2026-04-20-backronym/
(source: https://www.straiker.ai/blog/nomshub-cursor-remote-tunneling-sandbox-breakout) ]]> Fri, 17 Apr 2026 12:25:00 -0400 https://www.straiker.ai/blog/nomshub-cursor-remote-tunneling-sandbox-breakout /vulns/2026/2026-04-17-nomshub/
(source: https://deadeclipse666.blogspot.com/2026/04/public-disclosure-response-for-cve-2026.html?m=1) ]]> Wed, 15 Apr 2026 23:55:00 -0400 https://deadeclipse666.blogspot.com/2026/04/public-disclosure-response-for-cve-2026.html?m=1 /vulns/2026/2026-04-16-redsun/
(source: https://www.capsulesecurity.io/blog-post/shareleak-taking-the-wheel-of-microsofts-copilot-studio-cve-2026-21520) ]]> Wed, 15 Apr 2026 23:10:00 -0400 https://www.capsulesecurity.io/blog-post/shareleak-taking-the-wheel-of-microsofts-copilot-studio-cve-2026-21520 /vulns/2026/2026-04-15-shareleak/
(source: https://www.capsulesecurity.io/blog-post/pipeleak-the-lead-that-stole-your-database-exploiting-salesforce-agentforce-with-indirect-prompt-injection) ]]> Wed, 15 Apr 2026 23:08:00 -0400 https://www.capsulesecurity.io/blog-post/pipeleak-the-lead-that-stole-your-database-exploiting-salesforce-agentforce-with-indirect-prompt-injection /vulns/2026/2026-04-15-pipeleak/
(source: https://pluto.security/blog/mcp-bug-nginx-security-vulnerability-cvss-9-8/) ]]> Wed, 15 Apr 2026 22:59:00 -0400 https://pluto.security/blog/mcp-bug-nginx-security-vulnerability-cvss-9-8/ /vulns/2026/2026-04-15-mcpwn/
(source: https://fabricked-attack.github.io) ]]> Wed, 15 Apr 2026 15:40:00 -0400 https://fabricked-attack.github.io /vulns/2026/2026-04-15-fabricked/
(source: https://arxiv.org/pdf/2403.03792) ]]> Sat, 11 Apr 2026 21:08:00 -0400 https://arxiv.org/pdf/2403.03792 /vulns/2026/2026-04-11-neural-exec/
(source: https://x.com/EfficiencyDOGE/status/1864357823163060316) ]]> Fri, 10 Apr 2026 00:46:00 -0400 https://x.com/EfficiencyDOGE/status/1864357823163060316 /vulns/2026/2026-04-10-dogereaper/
(source: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you/) ]]> Fri, 10 Apr 2026 00:36:00 -0400 https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you/ /vulns/2026/2026-04-10-revault/
(source: https://cyata.ai/vault-fault/) ]]> Fri, 10 Apr 2026 00:30:00 -0400 https://cyata.ai/vault-fault/ /vulns/2026/2026-04-10-vault-fault/
(source: https://saltaformaggio.ece.gatech.edu/publications/oygenblik2025villainnet.pdf) ]]> Fri, 10 Apr 2026 00:26:00 -0400 https://saltaformaggio.ece.gatech.edu/publications/oygenblik2025villainnet.pdf /vulns/2026/2026-04-10-villainnet/
(source: https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/) ]]> Fri, 10 Apr 2026 00:12:00 -0400 https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/ /vulns/2026/2026-04-10-sploitlight/
(source: https://sites.google.com/view/alphachannelattack/home) ]]> Fri, 10 Apr 2026 00:06:00 -0400 https://sites.google.com/view/alphachannelattack/home /vulns/2026/2026-04-10-alphadog/
(source: https://potsolutions.net/the-g-door-microsoft-365-the-risk-of-unmanaged-google-doc-accounts/) ]]> Fri, 10 Apr 2026 00:03:00 -0400 https://potsolutions.net/the-g-door-microsoft-365-the-risk-of-unmanaged-google-doc-accounts/ /vulns/2026/2026-04-10-g-door/
(source: https://www.aim.security/lp/aim-labs-curxecute-blogpost) ]]> Thu, 09 Apr 2026 23:58:00 -0400 https://www.aim.security/lp/aim-labs-curxecute-blogpost /vulns/2026/2026-04-09-curxecute/
(source: https://securityboulevard.com/2026/04/react2dos-cve-2026-23869-when-the-flight-protocol-crashes-at-takeoff/) ]]> Thu, 09 Apr 2026 23:30:00 -0400 https://securityboulevard.com/2026/04/react2dos-cve-2026-23869-when-the-flight-protocol-crashes-at-takeoff/ /vulns/2026/2026-04-09-react2dos/
(source: https://www.rc4nomore.com) ]]> Thu, 09 Apr 2026 15:15:00 -0400 https://www.rc4nomore.com /vulns/2026/2026-04-09-rc4-nomore/
(source: https://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf) ]]> Thu, 09 Apr 2026 15:10:00 -0400 https://archive.hack.lu/2014/Hacklu2014_offline_bruteforce_attack_on_wps.pdf /vulns/2026/2026-04-09-pixie-dust/
(source: https://arxiv.org/pdf/1802.09085) ]]> Thu, 09 Apr 2026 15:08:00 -0400 https://arxiv.org/pdf/1802.09085 /vulns/2026/2026-04-09-sgxpectre/
(source: https://www.vusec.net/projects/anc/) ]]> Thu, 09 Apr 2026 15:02:00 -0400 https://www.vusec.net/projects/anc/ /vulns/2026/2026-04-09-evict-time/
(source: https://www.airtightnetworks.com/WPA2-Hole196) ]]> Thu, 09 Apr 2026 14:38:00 -0400 https://www.airtightnetworks.com/WPA2-Hole196 /vulns/2026/2026-04-09-hole196/
(source: https://arxiv.org/pdf/1711.08002) ]]> Thu, 09 Apr 2026 13:47:00 -0400 https://arxiv.org/pdf/1711.08002 /vulns/2026/2026-04-09-memjam/
(source: https://httpoxy.org) ]]> Thu, 09 Apr 2026 13:38:00 -0400 https://httpoxy.org /vulns/2026/2026-04-09-httpoxy/
(source: https://noma.security/blog/dockerdash-two-attack-paths-one-ai-supply-chain-crisis/) ]]> Wed, 08 Apr 2026 09:48:00 -0400 https://noma.security/blog/dockerdash-two-attack-paths-one-ai-supply-chain-crisis/ /vulns/2026/2026-04-08-dockerdash/
(source: https://noma.security/blog/grafana-ghost/) ]]> Wed, 08 Apr 2026 09:46:00 -0400 https://noma.security/blog/grafana-ghost/ /vulns/2026/2026-04-08-grafanaghost/
(source: https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html) ]]> Wed, 08 Apr 2026 09:40:00 -0400 https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html /vulns/2026/2026-04-08-bluehammer/
(source: https://gpuhammer.com) ]]> Wed, 08 Apr 2026 09:20:00 -0400 https://gpuhammer.com /vulns/2026/2026-04-08-gpuhammer/
(source: https://gddr.fail) ]]> Wed, 08 Apr 2026 09:16:00 -0400 https://gddr.fail /vulns/2026/2026-04-08-geforge/
(source: https://gddr.fail) ]]> Wed, 08 Apr 2026 09:10:00 -0400 https://gddr.fail /vulns/2026/2026-04-08-gddrhammer/
(source: https://gpubreach.ca) ]]> Wed, 08 Apr 2026 09:04:00 -0400 https://gpubreach.ca /vulns/2026/2026-04-08-gpubreach/
(source: https://secureannex.com/blog/prompt-poaching/) ]]> Sun, 29 Mar 2026 12:58:00 -0400 https://secureannex.com/blog/prompt-poaching/ /vulns/2026/2026-03-29-prompt-poaching/
(source: https://www.koi.ai/blog/open-sesame-how-a-fail-open-bug-in-open-vsxs-new-scanner-let-malware-walk-right-in) ]]> Sat, 28 Mar 2026 23:28:00 -0400 https://www.koi.ai/blog/open-sesame-how-a-fail-open-bug-in-open-vsxs-new-scanner-let-malware-walk-right-in /vulns/2026/2026-03-28-open-sesame/
(source: https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face) ]]> Sat, 28 Mar 2026 23:26:00 -0400 https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face /vulns/2026/2026-03-28-nullifai/
(source: https://www.radware.com/blog/threat-intelligence/zombieagent/) ]]> Sat, 28 Mar 2026 23:21:00 -0400 https://www.radware.com/blog/threat-intelligence/zombieagent/ /vulns/2026/2026-03-28-zombieagent/
(source: https://bishopfox.com/blog/strongswan-cve-2026-25075-integer-underflow-in-vpn-authentication) ]]> Thu, 26 Mar 2026 22:41:00 -0400 https://bishopfox.com/blog/strongswan-cve-2026-25075-integer-underflow-in-vpn-authentication /vulns/2026/2026-03-26-strongswan/
(source: https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-extension) ]]> Thu, 26 Mar 2026 16:06:00 -0400 https://www.koi.ai/blog/shadowprompt-how-any-website-could-have-hijacked-anthropic-claude-chrome-extension /vulns/2026/2026-03-26-shadowprompt/
(source: https://v4bel.github.io/linux/2026/03/23/ooc.html) ]]> Thu, 26 Mar 2026 12:14:00 -0400 https://v4bel.github.io/linux/2026/03/23/ooc.html /vulns/2026/2026-03-26-out-of-cancel/
(source: https://dl.acm.org/doi/pdf/10.1145/3719027.3765123) ]]> Thu, 26 Mar 2026 08:45:00 -0400 https://dl.acm.org/doi/pdf/10.1145/3719027.3765123 /vulns/2026/2026-03-26-badaml/
(source: https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption) ]]> Wed, 25 Mar 2026 10:27:00 -0400 https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption /vulns/2026/2026-03-25-c4-attack/
(source: https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding) ]]> Wed, 25 Mar 2026 10:20:00 -0400 https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding /vulns/2026/2026-03-25-etherhiding/
(source: https://www.varonis.com/blog/bidi-swap) ]]> Wed, 25 Mar 2026 10:16:00 -0400 https://www.varonis.com/blog/bidi-swap /vulns/2026/2026-03-25-bidi-swap/
(source: https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/) ]]> Wed, 25 Mar 2026 10:14:00 -0400 https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/ /vulns/2026/2026-03-25-golden-dmsa/
(source: https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970) ]]> Wed, 25 Mar 2026 10:11:00 -0400 https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970 /vulns/2026/2026-03-25-fortmajeure/
(source: https://www.hacktron.ai/blog/supapwn) ]]> Wed, 25 Mar 2026 10:09:00 -0400 https://www.hacktron.ai/blog/supapwn /vulns/2026/2026-03-25-supapwn/
(source: https://cyata.ai/blog/langgrinch-langchain-core-cve-2025-68664/) ]]> Wed, 25 Mar 2026 10:02:00 -0400 https://cyata.ai/blog/langgrinch-langchain-core-cve-2025-68664/ /vulns/2026/2026-03-25-langgrinch/
(source: https://ginnoslab.org/2019/09/21/wibattack-vulnerability-in-wib-sim-browser-can-let-attackers-globally-take-control-of-hundreds-of-millions-of-the-victim-mobile-phones-worldwide-to-make-a-phone-call-send-sms-to-any-phone-numbers/) ]]> Tue, 24 Mar 2026 01:18:00 -0400 https://ginnoslab.org/2019/09/21/wibattack-vulnerability-in-wib-sim-browser-can-let-attackers-globally-take-control-of-hundreds-of-millions-of-the-victim-mobile-phones-worldwide-to-make-a-phone-call-send-sms-to-any-phone-numbers/ /vulns/2026/2026-03-24-wibattack/
(source: https://www.heise.de/en/news/Critical-security-vulnerability-in-Citrix-Gateway-and-Netscaler-ADC-11221853.html) ]]> Mon, 23 Mar 2026 22:15:00 -0400 https://www.heise.de/en/news/Critical-security-vulnerability-in-Citrix-Gateway-and-Netscaler-ADC-11221853.html /vulns/2026/2026-03-23-citrixbleed-3/
(source: https://www.akamai.com/blog/security-research/2026/mar/cve-2026-31979-symlink-root-privilege-escalation-himmelblau) ]]> Mon, 23 Mar 2026 10:38:00 -0400 https://www.akamai.com/blog/security-research/2026/mar/cve-2026-31979-symlink-root-privilege-escalation-himmelblau /vulns/2026/2026-03-23-the-symlink-trap/
(source: https://www.youtube.com/watch?v=rPTifU1lG7Q) ]]> Mon, 23 Mar 2026 10:15:00 -0400 https://www.youtube.com/watch?v=rPTifU1lG7Q /vulns/2026/2026-03-23-tlbfail/ Mon, 23 Mar 2026 10:14:00 -0400 https://vulnerability.garden /vulns/2026/2026-03-23-landa/ Mon, 23 Mar 2026 10:12:00 -0400 https://vulnerability.garden /vulns/2026/2026-03-23-smith/
(source: https://www.youtube.com/watch?v=rPTifU1lG7Q) ]]> Mon, 23 Mar 2026 10:10:00 -0400 https://www.youtube.com/watch?v=rPTifU1lG7Q /vulns/2026/2026-03-23-badrecovery/
(source: https://github.com/felix-pb/kfd/blob/main/writeups/physpuppet.md) ]]> Mon, 23 Mar 2026 10:08:00 -0400 https://github.com/felix-pb/kfd/blob/main/writeups/physpuppet.md /vulns/2026/2026-03-23-physpuppet/
(source: https://www.youtube.com/watch?v=rPTifU1lG7Q) ]]> Mon, 23 Mar 2026 10:02:00 -0400 https://www.youtube.com/watch?v=rPTifU1lG7Q /vulns/2026/2026-03-23-oobpci/
(source: https://cpdos.org/) ]]> Mon, 23 Mar 2026 09:53:00 -0400 https://cpdos.org/ /vulns/2026/2026-03-23-cpdos/
(source: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom) ]]> Mon, 23 Mar 2026 09:46:00 -0400 https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom /vulns/2026/2026-03-23-flush-reload/
(source: https://mlq.me/download/takeaway.pdf) ]]> Mon, 23 Mar 2026 09:43:00 -0400 https://mlq.me/download/takeaway.pdf /vulns/2026/2026-03-23-collide-probe/
(source: https://minerva.crocs.fi.muni.cz/) ]]> Mon, 23 Mar 2026 09:22:00 -0400 https://minerva.crocs.fi.muni.cz/ /vulns/2026/2026-03-23-minerva/
(source: https://rampageattack.com/) ]]> Mon, 23 Mar 2026 09:20:00 -0400 https://rampageattack.com/ /vulns/2026/2026-03-23-rampage/
(source: https://www.tacitosecurity.com/multihit.html) ]]> Mon, 23 Mar 2026 09:14:00 -0400 https://www.tacitosecurity.com/multihit.html /vulns/2026/2026-03-23-itlb-multihit/
(source: https://initblog.com/2019/dirty-sock/) ]]> Mon, 23 Mar 2026 09:12:00 -0400 https://initblog.com/2019/dirty-sock/ /vulns/2026/2026-03-23-dirty-sock/
(source: https://thunderclap.io/) ]]> Mon, 23 Mar 2026 09:05:00 -0400 https://thunderclap.io/ /vulns/2026/2026-03-23-thunderclap/
(source: https://www.jasadvisors.com/jasbug-high-risk-security-vulnerability-discovered-by-jas-global-advisors/) ]]> Mon, 23 Mar 2026 09:04:00 -0400 https://www.jasadvisors.com/jasbug-high-risk-security-vulnerability-discovered-by-jas-global-advisors/ /vulns/2026/2026-03-23-jasbug/
(source: https://www.usenix.org/conference/usenixsecurity21/presentation/shusterman) ]]> Mon, 23 Mar 2026 08:59:00 -0400 https://www.usenix.org/conference/usenixsecurity21/presentation/shusterman /vulns/2026/2026-03-23-prime-probe/
(source: https://www.usenix.org/conference/usenixsecurity19/presentation/islam) ]]> Mon, 23 Mar 2026 08:55:00 -0400 https://www.usenix.org/conference/usenixsecurity19/presentation/islam /vulns/2026/2026-03-23-spoiler/
(source: https://www.usenix.org/conference/usenixsecurity20/presentation/afek) ]]> Mon, 23 Mar 2026 08:51:00 -0400 https://www.usenix.org/conference/usenixsecurity20/presentation/afek /vulns/2026/2026-03-23-nxnsattack/
(source: https://zenity.io/blog/research/zapescape-organization-wide-control-over-code-by-zapier) ]]> Mon, 23 Mar 2026 08:47:00 -0400 https://zenity.io/blog/research/zapescape-organization-wide-control-over-code-by-zapier /vulns/2026/2026-03-23-zapescape/
(source: https://www.cyera.com/research/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858) ]]> Mon, 23 Mar 2026 08:24:00 -0400 https://www.cyera.com/research/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858 /vulns/2026/2026-03-23-ni8mare/
(source: https://dl.acm.org/doi/10.1145/3576915.3616661) ]]> Mon, 23 Mar 2026 08:00:00 -0400 https://dl.acm.org/doi/10.1145/3576915.3616661 /vulns/2026/2026-03-23-tilemask/
(source: https://wiretap.fail/) ]]> Sun, 22 Mar 2026 08:25:00 -0400 https://wiretap.fail/ /vulns/2026/2026-03-22-wiretap-fail/
(source: https://tee.fail/) ]]> Sun, 22 Mar 2026 08:24:00 -0400 https://tee.fail/ /vulns/2026/2026-03-22-tee-fail/
(source: https://ecc.fail/) ]]> Sun, 22 Mar 2026 08:21:00 -0400 https://ecc.fail/ /vulns/2026/2026-03-22-ecc-fail/
(source: https://sgx.fail/) ]]> Sun, 22 Mar 2026 08:11:00 -0400 https://sgx.fail/ /vulns/2026/2026-03-22-sgx-fail/
(source: https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/) ]]> Sun, 22 Mar 2026 08:00:00 -0400 https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/ /vulns/2026/2026-03-22-silverpotato/
(source: https://comsec.ethz.ch/research/microarch/inception/) ]]> Sat, 21 Mar 2026 20:39:00 -0400 https://comsec.ethz.ch/research/microarch/inception/ /vulns/2026/2026-03-21-phantom-speculation/
(source: https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers) ]]> Sat, 21 Mar 2026 18:33:00 -0400 https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers /vulns/2026/2026-03-21-dmafail/
(source: https://www.ox.security/blog/freescout-rce-cve-2026-28289/) ]]> Sat, 21 Mar 2026 09:33:00 -0400 https://www.ox.security/blog/freescout-rce-cve-2026-28289/ /vulns/2026/2026-03-21-mail2shell/
(source: https://exploiter.dev/blog/2022/CVE-2022-2602.html) ]]> Fri, 20 Mar 2026 21:40:00 -0400 https://exploiter.dev/blog/2022/CVE-2022-2602.html /vulns/2026/2026-03-20-dirtycred-remastered/
(source: https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html) ]]> Fri, 20 Mar 2026 21:39:00 -0400 https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html /vulns/2026/2026-03-20-four-bytes-of-power/
(source: https://www.armis.com/research/nat-slipstreaming-v2-0/) ]]> Fri, 20 Mar 2026 15:39:00 -0400 https://www.armis.com/research/nat-slipstreaming-v2-0/ /vulns/2026/2026-03-20-nat-slipstreaming-2/
(source: https://sa.my/slipstream/) ]]> Fri, 20 Mar 2026 15:35:00 -0400 https://sa.my/slipstream/ /vulns/2026/2026-03-20-nat-slipstreaming/
(source: https://towelroot.com) ]]> Fri, 20 Mar 2026 10:52:00 -0400 https://towelroot.com /vulns/2026/2026-03-20-towelroot/
(source: https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/) ]]> Fri, 20 Mar 2026 10:47:00 -0400 https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/ /vulns/2026/2026-03-20-doubledirect/
(source: https://research.checkpoint.com/2017/beware-bashware-new-method-malware-bypass-security-solutions/) ]]> Fri, 20 Mar 2026 10:41:00 -0400 https://research.checkpoint.com/2017/beware-bashware-new-method-malware-bypass-security-solutions/ /vulns/2026/2026-03-20-bashware/
(source: https://privacy4cars.com/can-my-car-be-hacked/default.aspx) ]]> Fri, 20 Mar 2026 10:36:00 -0400 https://privacy4cars.com/can-my-car-be-hacked/default.aspx /vulns/2026/2026-03-20-carsblues/
(source: https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package) ]]> Fri, 20 Mar 2026 10:32:00 -0400 https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package /vulns/2026/2026-03-20-cloudimposer/
(source: https://arxiv.org/pdf/1808.10250v1) ]]> Fri, 20 Mar 2026 10:31:00 -0400 https://arxiv.org/pdf/1808.10250v1 /vulns/2026/2026-03-20-sonarsnoop/
(source: http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/) ]]> Fri, 20 Mar 2026 10:28:00 -0400 http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/ /vulns/2026/2026-03-20-doubleagent/
(source: https://www.usenix.org/system/files/usenixsecurity25-draschbacher.pdf) ]]> Fri, 20 Mar 2026 10:20:00 -0400 https://www.usenix.org/system/files/usenixsecurity25-draschbacher.pdf /vulns/2026/2026-03-20-choicejacking/
(source: https://www.avanan.com/resources/zerofont-phishing-attack) ]]> Fri, 20 Mar 2026 10:16:00 -0400 https://www.avanan.com/resources/zerofont-phishing-attack /vulns/2026/2026-03-20-zerofont/
(source: http://blacknurse.dk/) ]]> Fri, 20 Mar 2026 10:11:00 -0400 http://blacknurse.dk/ /vulns/2026/2026-03-20-blacknurse/
(source: https://www.varonis.com/blog/outlook-add-in-exfiltration?wvideo=vzydyz0z9s) ]]> Fri, 20 Mar 2026 10:05:00 -0400 https://www.varonis.com/blog/outlook-add-in-exfiltration?wvideo=vzydyz0z9s /vulns/2026/2026-03-20-exfil-out-and-look/
(source: https://dnsbomb.net) ]]> Fri, 20 Mar 2026 09:58:00 -0400 https://dnsbomb.net /vulns/2026/2026-03-20-dnsbomb/
(source: https://pushsecurity.com/blog/phishing-with-active-directory-federation-services/) ]]> Fri, 20 Mar 2026 09:57:00 -0400 https://pushsecurity.com/blog/phishing-with-active-directory-federation-services/ /vulns/2026/2026-03-20-adfsjacking/
(source: https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution) ]]> Fri, 20 Mar 2026 09:53:00 -0400 https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution /vulns/2026/2026-03-20-mockingjay/
(source: https://embracethered.com/blog/posts/2024/chatgpt-macos-app-persistent-data-exfiltration/) ]]> Fri, 20 Mar 2026 09:51:00 -0400 https://embracethered.com/blog/posts/2024/chatgpt-macos-app-persistent-data-exfiltration/ /vulns/2026/2026-03-20-spaiware/
(source: https://www.cequence.ai/blog/cq-prime-threat-research/prying-eye-vulnerability-direct-to-api-enumeration-attack-enables-snooping/) ]]> Fri, 20 Mar 2026 09:48:00 -0400 https://www.cequence.ai/blog/cq-prime-threat-research/prying-eye-vulnerability-direct-to-api-enumeration-attack-enables-snooping/ /vulns/2026/2026-03-20-prying-eye/
(source: https://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html) ]]> Fri, 20 Mar 2026 09:46:00 -0400 https://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html /vulns/2026/2026-03-20-masque-attack/
(source: https://www.deepinstinct.com/blog/nofilter-abusing-windows-filtering-platform-for-privilege-escalation) ]]> Fri, 20 Mar 2026 09:42:00 -0400 https://www.deepinstinct.com/blog/nofilter-abusing-windows-filtering-platform-for-privilege-escalation /vulns/2026/2026-03-20-nofilter/
(source: https://checkmarx.com/blog/starjacking-making-your-new-open-source-package-popular-in-a-snap/) ]]> Fri, 20 Mar 2026 09:35:00 -0400 https://checkmarx.com/blog/starjacking-making-your-new-open-source-package-popular-in-a-snap/ /vulns/2026/2026-03-20-starjacking/
(source: https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html) ]]> Fri, 20 Mar 2026 09:32:00 -0400 https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html /vulns/2026/2026-03-20-maldoc-in-pdf/
(source: https://www.hiddenlayer.com/research/echogram-the-hidden-vulnerability-undermining-ai-guardrails) ]]> Fri, 20 Mar 2026 09:27:00 -0400 https://www.hiddenlayer.com/research/echogram-the-hidden-vulnerability-undermining-ai-guardrails /vulns/2026/2026-03-20-echogram/
(source: https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique) ]]> Fri, 20 Mar 2026 09:25:00 -0400 https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique /vulns/2026/2026-03-20-cookie-sandwich/
(source: https://sansec.io/research/magento-polyshell) ]]> Fri, 20 Mar 2026 09:20:00 -0400 https://sansec.io/research/magento-polyshell /vulns/2026/2026-03-20-polyshell/
(source: https://trustedsec.com/blog/full-disclosure-a-third-and-fourth-azure-sign-in-log-bypass-found) ]]> Fri, 20 Mar 2026 09:16:00 -0400 https://trustedsec.com/blog/full-disclosure-a-third-and-fourth-azure-sign-in-log-bypass-found /vulns/2026/2026-03-20-graphvulns/
(source: https://www.cyberark.com/resources/threat-research-blog/ghosthook-bypassing-patchguard-with-processor-trace-based-hooking) ]]> Thu, 19 Mar 2026 22:24:00 -0400 https://www.cyberark.com/resources/threat-research-blog/ghosthook-bypassing-patchguard-with-processor-trace-based-hooking /vulns/2026/2026-03-19-ghosthook/
(source: https://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions) ]]> Thu, 19 Mar 2026 22:14:00 -0400 https://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions /vulns/2026/2026-03-19-atombombing/
(source: https://www.fortinet.com/blog/threat-research/turning-page-tables-bypassing-kerne-mitigations-successfully-escalate-privileges) ]]> Thu, 19 Mar 2026 22:09:00 -0400 https://www.fortinet.com/blog/threat-research/turning-page-tables-bypassing-kerne-mitigations-successfully-escalate-privileges /vulns/2026/2026-03-19-turning-page-tables/
(source: https://teamwin.in/hashjack-new-attack-technique-tricks-ai-browsers-using-a-simple/) ]]> Thu, 19 Mar 2026 22:02:00 -0400 https://teamwin.in/hashjack-new-attack-technique-tricks-ai-browsers-using-a-simple/ /vulns/2026/2026-03-19-hashjack/
(source: https://www.avanan.com/resources/basestriker-vulnerability-office-365) ]]> Thu, 19 Mar 2026 22:00:00 -0400 https://www.avanan.com/resources/basestriker-vulnerability-office-365 /vulns/2026/2026-03-19-basestriker/
(source: https://github.com/dxa4481/Pastejacking) ]]> Thu, 19 Mar 2026 21:56:00 -0400 https://github.com/dxa4481/Pastejacking /vulns/2026/2026-03-19-pastejacking/
(source: https://www.praetorian.com/blog/ghost-calls-abusing-web-conferencing-for-covert-command-control-part-1-of-2/) ]]> Thu, 19 Mar 2026 21:53:00 -0400 https://www.praetorian.com/blog/ghost-calls-abusing-web-conferencing-for-covert-command-control-part-1-of-2/ /vulns/2026/2026-03-19-ghost-calls/
(source: https://checkmarx.com/zero-post/bypassing-ai-agent-defenses-with-lies-in-the-loop/) ]]> Thu, 19 Mar 2026 21:46:00 -0400 https://checkmarx.com/zero-post/bypassing-ai-agent-defenses-with-lies-in-the-loop/ /vulns/2026/2026-03-19-lies-in-the-loop/
(source: https://www.varonis.com/blog/cookie-bite) ]]> Thu, 19 Mar 2026 21:30:00 -0400 https://www.varonis.com/blog/cookie-bite /vulns/2026/2026-03-19-cookie-bite/
(source: https://www.enea.com/info/simjacker/) ]]> Thu, 19 Mar 2026 21:22:00 -0400 https://www.enea.com/info/simjacker/ /vulns/2026/2026-03-19-simjacker/
(source: https://www.mousejack.com/mousejack) ]]> Thu, 19 Mar 2026 21:06:00 -0400 https://www.mousejack.com/mousejack /vulns/2026/2026-03-19-mousejack/
(source: https://www.varonis.com/blog/counter-strike-servicenow) ]]> Thu, 19 Mar 2026 20:59:00 -0400 https://www.varonis.com/blog/counter-strike-servicenow /vulns/2026/2026-03-19-counter-strike/
(source: https://aireye.tech/2021/09/13/the-ssid-stripping-vulnerability-when-you-dont-see-what-you-get/) ]]> Thu, 19 Mar 2026 20:55:00 -0400 https://aireye.tech/2021/09/13/the-ssid-stripping-vulnerability-when-you-dont-see-what-you-get/ /vulns/2026/2026-03-19-ssid-stripping/
(source: https://arxiv.org/pdf/2501.11848) ]]> Thu, 19 Mar 2026 20:52:00 -0400 https://arxiv.org/pdf/2501.11848 /vulns/2026/2026-03-19-fedmua/
(source: https://arxiv.org/pdf/2403.13018) ]]> Thu, 19 Mar 2026 20:48:00 -0400 https://arxiv.org/pdf/2403.13018 /vulns/2026/2026-03-19-deba/
(source: https://www.safebreach.com/blog/win-dos-epidemic-abusing-rpc-for-dos-and-ddos/) ]]> Thu, 19 Mar 2026 20:43:00 -0400 https://www.safebreach.com/blog/win-dos-epidemic-abusing-rpc-for-dos-and-ddos/ /vulns/2026/2026-03-19-win-ddos/
(source: https://www.usenix.org/conference/usenixsecurity23/presentation/xia) ]]> Thu, 19 Mar 2026 20:38:00 -0400 https://www.usenix.org/conference/usenixsecurity23/presentation/xia /vulns/2026/2026-03-19-nuit/
(source: https://www.oasis.security/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass) ]]> Thu, 19 Mar 2026 20:36:00 -0400 https://www.oasis.security/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass /vulns/2026/2026-03-19-authquake/
(source: https://www.crowdstrike.com/en-us/blog/owassrf-exploit-analysis-and-recommendations/) ]]> Thu, 19 Mar 2026 20:30:00 -0400 https://www.crowdstrike.com/en-us/blog/owassrf-exploit-analysis-and-recommendations/ /vulns/2026/2026-03-19-owassrf/
(source: https://www.varonis.com/blog/reprompt) ]]> Thu, 19 Mar 2026 20:28:00 -0400 https://www.varonis.com/blog/reprompt /vulns/2026/2026-03-19-reprompt/
(source: https://www.oasis.security/blog/claude-ai-prompt-injection-data-exfiltration-vulnerability) ]]> Thu, 19 Mar 2026 20:25:00 -0400 https://www.oasis.security/blog/claude-ai-prompt-injection-data-exfiltration-vulnerability /vulns/2026/2026-03-19-claudy-day/
(source: https://eyalro.net/project/cat.html) ]]> Thu, 19 Mar 2026 20:18:00 -0400 https://eyalro.net/project/cat.html /vulns/2026/2026-03-19-bleichenbachers-cat/
(source: http://ccsinjection.lepidum.co.jp/) ]]> Thu, 19 Mar 2026 20:08:00 -0400 http://ccsinjection.lepidum.co.jp/ /vulns/2026/2026-03-19-ccs-injection/
(source: https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html#badchoice-stack-based-information-leak-cve-2020-12352) ]]> Wed, 18 Mar 2026 21:34:00 -0400 https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html#badchoice-stack-based-information-leak-cve-2020-12352 /vulns/2026/2026-03-18-badchoice/
(source: https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html#badkarma-heap-based-type-confusion-cve-2020-12351) ]]> Wed, 18 Mar 2026 21:33:00 -0400 https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html#badkarma-heap-based-type-confusion-cve-2020-12351 /vulns/2026/2026-03-18-badkarma/
(source: https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html#badvibes-heap-based-buffer-overflow-cve-2020-24490) ]]> Wed, 18 Mar 2026 21:31:00 -0400 https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html#badvibes-heap-based-buffer-overflow-cve-2020-24490 /vulns/2026/2026-03-18-badvibes/
(source: https://promon.io/security-news/the-strandhogg-vulnerability) ]]> Wed, 18 Mar 2026 14:31:00 -0400 https://promon.io/security-news/the-strandhogg-vulnerability /vulns/2026/2026-03-18-strandhogg/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Wed, 18 Mar 2026 12:51:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2026/2026-03-18-internal-data-buffering/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Wed, 18 Mar 2026 12:50:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2026/2026-03-18-empty-frames-flood/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Wed, 18 Mar 2026 12:49:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2026/2026-03-18-0-length-headers-leak/
(source: https://www.midnightblue.nl/research/riskstation) ]]> Wed, 18 Mar 2026 10:28:00 -0400 https://www.midnightblue.nl/research/riskstation /vulns/2026/2026-03-18-risk-station/
(source: https://www.zafran.io/resources/breaking-waf) ]]> Wed, 18 Mar 2026 10:27:00 -0400 https://www.zafran.io/resources/breaking-waf /vulns/2026/2026-03-18-breakingwaf/
(source: https://www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim.txt) ]]> Wed, 18 Mar 2026 10:23:00 -0400 https://www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim.txt /vulns/2026/2026-03-18-the-return-of-the-wizard/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2026/02/02/mutagen-astronomy-discovery-to-kev) ]]> Wed, 18 Mar 2026 10:21:00 -0400 https://blog.qualys.com/vulnerabilities-threat-research/2026/02/02/mutagen-astronomy-discovery-to-kev /vulns/2026/2026-03-18-mutagen-astronomy/
(source: https://www.armis.com/research/critix/#vulnerabilities) ]]> Wed, 18 Mar 2026 10:16:00 -0400 https://www.armis.com/research/critix/#vulnerabilities /vulns/2026/2026-03-18-crit-ix/
(source: https://maccarita.com/posts/idesaster/) ]]> Wed, 18 Mar 2026 10:10:00 -0400 https://maccarita.com/posts/idesaster/ /vulns/2026/2026-03-18-idesaster/
(source: https://www.tenable.com/blog/imagerunner-a-privilege-escalation-vulnerability-impacting-gcp-cloud-run) ]]> Wed, 18 Mar 2026 10:08:00 -0400 https://www.tenable.com/blog/imagerunner-a-privilege-escalation-vulnerability-impacting-gcp-cloud-run /vulns/2026/2026-03-18-imagerunner/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2017/06/19/the-stack-clash) ]]> Wed, 18 Mar 2026 10:07:00 -0400 https://blog.qualys.com/vulnerabilities-threat-research/2017/06/19/the-stack-clash /vulns/2026/2026-03-18-stack-clash/
(source: https://github.com/jofpin/brash) ]]> Wed, 18 Mar 2026 10:04:00 -0400 https://github.com/jofpin/brash /vulns/2026/2026-03-18-brash/
(source: https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/) ]]> Wed, 18 Mar 2026 10:02:00 -0400 https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/ /vulns/2026/2026-03-18-avgater/
(source: https://orca.security/resources/blog/roguepilot-github-copilot-vulnerability/) ]]> Wed, 18 Mar 2026 10:01:00 -0400 https://orca.security/resources/blog/roguepilot-github-copilot-vulnerability/ /vulns/2026/2026-03-18-roguepilot/
(source: https://www.ktemkin.com/post/fusee_gelee/) ]]> Wed, 18 Mar 2026 09:59:00 -0400 https://www.ktemkin.com/post/fusee_gelee/ /vulns/2026/2026-03-18-fusee-gelee/
(source: https://www.proofpoint.com/us/blog/threat-insight/cursorjack-weaponizing-deeplinks-exploit-cursor-ide) ]]> Wed, 18 Mar 2026 09:55:00 -0400 https://www.proofpoint.com/us/blog/threat-insight/cursorjack-weaponizing-deeplinks-exploit-cursor-ide /vulns/2026/2026-03-18-cursorjack/
(source: https://www.stratascale.com/resource/cve-2025-32463-sudo-chroot-elevation-of-privilege/) ]]> Wed, 18 Mar 2026 09:49:00 -0400 https://www.stratascale.com/resource/cve-2025-32463-sudo-chroot-elevation-of-privilege/ /vulns/2026/2026-03-18-chroot-to-root/
(source: https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/) ]]> Wed, 18 Mar 2026 09:43:00 -0400 https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/ /vulns/2026/2026-03-18-madeyoureset/
(source: https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206) ]]> Wed, 18 Mar 2026 09:38:00 -0400 https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206 /vulns/2026/2026-03-18-citrixbleed-2/
(source: https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf) ]]> Wed, 18 Mar 2026 09:32:00 -0400 https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf /vulns/2026/2026-03-18-z-shave/
(source: https://😾😾😾.fm) ]]> Wed, 18 Mar 2026 09:25:00 -0400 https://😾😾😾.fm /vulns/2026/2026-03-18-thrangrycat/
(source: https://blog.checkpoint.com/research/certifigate/) ]]> Wed, 18 Mar 2026 09:23:00 -0400 https://blog.checkpoint.com/research/certifigate/ /vulns/2026/2026-03-18-certifi-gate/
(source: https://research.checkpoint.com/2018/sending-fax-back-to-the-dark-ages/) ]]> Wed, 18 Mar 2026 09:21:00 -0400 https://research.checkpoint.com/2018/sending-fax-back-to-the-dark-ages/ /vulns/2026/2026-03-18-faxploit/
(source: https://www.orpheus-lyre.info) ]]> Wed, 18 Mar 2026 09:16:00 -0400 https://www.orpheus-lyre.info /vulns/2026/2026-03-18-opheus-lyre/
(source: https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844) ]]> Wed, 18 Mar 2026 09:14:00 -0400 https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844 /vulns/2026/2026-03-18-redishell/
(source: https://www.cloudsek.com/threatintelligence/multiple-assets-still-vulnerable-to-archaic-rce-dubbed-explodingcan) ]]> Wed, 18 Mar 2026 09:11:00 -0400 https://www.cloudsek.com/threatintelligence/multiple-assets-still-vulnerable-to-archaic-rce-dubbed-explodingcan /vulns/2026/2026-03-18-explodingcan/
(source: https://tpm.fail) ]]> Wed, 18 Mar 2026 09:07:00 -0400 https://tpm.fail /vulns/2026/2026-03-18-tpm-fail/
(source: https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape) ]]> Wed, 18 Mar 2026 09:04:00 -0400 https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape /vulns/2026/2026-03-18-nvidiascape/ Wed, 18 Mar 2026 00:10:00 -0400 https://vulnerability.garden /vulns/2026/2026-03-18-eternalsynergy/ Wed, 18 Mar 2026 00:07:00 -0400 https://vulnerability.garden /vulns/2026/2026-03-18-eternalchampion/
(source: https://www.vusec.net/projects/flip-feng-shui/) ]]> Tue, 17 Mar 2026 15:45:00 -0400 https://www.vusec.net/projects/flip-feng-shui/ /vulns/2026/2026-03-17-flip-feng-shui/
(source: https://mdsattacks.com/#ridl-ng) ]]> Tue, 17 Mar 2026 15:41:00 -0400 https://mdsattacks.com/#ridl-ng /vulns/2026/2026-03-17-TAA/
(source: https://mdsattacks.com/#ridl-nng) ]]> Tue, 17 Mar 2026 15:39:00 -0400 https://mdsattacks.com/#ridl-nng /vulns/2026/2026-03-17-VRS/
(source: https://mdsattacks.com/#ridl-nng) ]]> Tue, 17 Mar 2026 15:36:00 -0400 https://mdsattacks.com/#ridl-nng /vulns/2026/2026-03-17-L1DES/
(source: https://comsec-files.ethz.ch/papers/dupefs_fast22.pdf) ]]> Tue, 17 Mar 2026 15:10:00 -0400 https://comsec-files.ethz.ch/papers/dupefs_fast22.pdf /vulns/2026/2026-03-17-dupefs/
(source: https://www.vusec.net/projects/glitch/) ]]> Tue, 17 Mar 2026 15:07:00 -0400 https://www.vusec.net/projects/glitch/ /vulns/2026/2026-03-17-glitch/
(source: https://comsec-files.ethz.ch/papers/tagbleed_eurosp20.pdf) ]]> Tue, 17 Mar 2026 14:28:00 -0400 https://comsec-files.ethz.ch/papers/tagbleed_eurosp20.pdf /vulns/2026/2026-03-17-tagbleed/
(source: https://comsec.ethz.ch/research/microarch/inception/) ]]> Tue, 17 Mar 2026 14:19:00 -0400 https://comsec.ethz.ch/research/microarch/inception/ /vulns/2026/2026-03-17-phantom/
(source: https://comsec-files.ethz.ch/papers/spyhammer_access24.pdf) ]]> Tue, 17 Mar 2026 14:06:00 -0400 https://comsec-files.ethz.ch/papers/spyhammer_access24.pdf /vulns/2026/2026-03-17-spyhammer/
(source: https://www.vusec.net/projects/drammer/) ]]> Tue, 17 Mar 2026 14:03:00 -0400 https://www.vusec.net/projects/drammer/ /vulns/2026/2026-03-17-drammer/
(source: https://comsec.ethz.ch/wp-content/files/risc-h_dramsec24.pdf) ]]> Tue, 17 Mar 2026 13:55:00 -0400 https://comsec.ethz.ch/wp-content/files/risc-h_dramsec24.pdf /vulns/2026/2026-03-17-risc-h/
(source: https://comsec.ethz.ch/research/dram/posthammer/) ]]> Tue, 17 Mar 2026 13:50:00 -0400 https://comsec.ethz.ch/research/dram/posthammer/ /vulns/2026/2026-03-17-posthammer/
(source: https://comsec-files.ethz.ch/papers/woot15.pdf) ]]> Tue, 17 Mar 2026 13:45:00 -0400 https://comsec-files.ethz.ch/papers/woot15.pdf /vulns/2026/2026-03-17-cain/
(source: https://www.vusec.net/projects/eccploit/) ]]> Tue, 17 Mar 2026 13:28:00 -0400 https://www.vusec.net/projects/eccploit/ /vulns/2026/2026-03-17-eccploit/
(source: https://download.vusec.net/papers/throwhammer_atc18.pdf) ]]> Tue, 17 Mar 2026 13:24:00 -0400 https://download.vusec.net/papers/throwhammer_atc18.pdf /vulns/2026/2026-03-17-throwhammer/
(source: https://arxiv.org/pdf/1805.04956) ]]> Tue, 17 Mar 2026 13:22:00 -0400 https://arxiv.org/pdf/1805.04956 /vulns/2026/2026-03-17-nethammer/
(source: https://www.vusec.net/projects/trrespass/) ]]> Tue, 17 Mar 2026 13:14:00 -0400 https://www.vusec.net/projects/trrespass/ /vulns/2026/2026-03-17-trrespass/
(source: https://trustedsec.com/blog/lnkmemaybe-a-review-of-cve-2026-25185) ]]> Mon, 16 Mar 2026 08:00:00 -0400 https://trustedsec.com/blog/lnkmemaybe-a-review-of-cve-2026-25185 /vulns/2026/2026-03-16-lnkmemaybe/
(source: https://www.mdsec.co.uk/2026/03/rip-regpwn/) ]]> Fri, 13 Mar 2026 08:00:00 -0400 https://www.mdsec.co.uk/2026/03/rip-regpwn/ /vulns/2026/2026-03-13-regpwn/
(source: https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/) ]]> Thu, 12 Mar 2026 08:00:00 -0400 https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/ /vulns/2026/2026-03-12-pwn-requests/
(source: https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt) ]]> Thu, 12 Mar 2026 08:00:00 -0400 https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt /vulns/2026/2026-03-12-crackarmor/
(source: https://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf) ]]> Wed, 11 Mar 2026 08:00:00 -0400 https://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf /vulns/2026/2026-03-11-pagejack/
(source: https://zenity.io/company-overview/newsroom/company-news/zenity-labs-discloses-pleasefix-perplexedagent-vulnerability) ]]> Tue, 10 Mar 2026 08:00:00 -0400 https://zenity.io/company-overview/newsroom/company-news/zenity-labs-discloses-pleasefix-perplexedagent-vulnerability /vulns/2026/2026-03-10-pleasefix/
(source: https://www.tenable.com/blog/leakylooker-google-cloud-looker-studio-vulnerabilities) ]]> Tue, 10 Mar 2026 08:00:00 -0400 https://www.tenable.com/blog/leakylooker-google-cloud-looker-studio-vulnerabilities /vulns/2026/2026-03-10-leakylooker/
(source: https://pushsecurity.com/blog/installfix/) ]]> Mon, 09 Mar 2026 08:00:00 -0400 https://pushsecurity.com/blog/installfix/ /vulns/2026/2026-03-09-installfix/
(source: https://noma.security/blog/contextcrush-context7-the-mcp-server-vulnerability/) ]]> Mon, 09 Mar 2026 08:00:00 -0400 https://noma.security/blog/contextcrush-context7-the-mcp-server-vulnerability/ /vulns/2026/2026-03-09-contextcrush/
(source: https://www.oasis.security/blog/openclaw-vulnerability) ]]> Mon, 02 Mar 2026 07:00:00 -0500 https://www.oasis.security/blog/openclaw-vulnerability /vulns/2026/2026-03-02-clawjacked/
(source: https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/) ]]> Thu, 26 Feb 2026 07:00:00 -0500 https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/ /vulns/2026/2026-02-26-airsnitch/
(source: https://noma.security/blog/forcedleak-agent-risks-exposed-in-salesforce-agentforce/) ]]> Mon, 23 Feb 2026 07:00:00 -0500 https://noma.security/blog/forcedleak-agent-risks-exposed-in-salesforce-agentforce/ /vulns/2026/2026-02-23-forcedleak/
(source: https://www.vulncheck.com/blog/metro4shell_eitw) ]]> Wed, 04 Feb 2026 07:00:00 -0500 https://www.vulncheck.com/blog/metro4shell_eitw /vulns/2026/2026-02-04-metro4shell/
(source: https://www.cyera.com/research/n8scape-pyodide-sandbox-escape-9-9-critical-post-auth-rce-in-n8n-cve-2025-68668) ]]> Mon, 02 Feb 2026 07:00:00 -0500 https://www.cyera.com/research/n8scape-pyodide-sandbox-escape-9-9-critical-post-auth-rce-in-n8n-cve-2025-68668 /vulns/2026/2026-02-02-n8scape/
(source: https://omeramiad.com/posts/gatewaytoheaven-gcp-cross-tenant-vulnerability/) ]]> Mon, 02 Feb 2026 07:00:00 -0500 https://omeramiad.com/posts/gatewaytoheaven-gcp-cross-tenant-vulnerability/ /vulns/2026/2026-02-02-gatewaytoheaven/
(source: https://www.cyera.com/research/cellbreak-grists-pyodide-sandbox-escape-and-the-data-at-risk-blast-radius) ]]> Mon, 02 Feb 2026 07:00:00 -0500 https://www.cyera.com/research/cellbreak-grists-pyodide-sandbox-escape-and-the-data-at-risk-blast-radius /vulns/2026/2026-02-02-cellbreak/
(source: https://holeybeep.ninja) ]]> Wed, 21 Jan 2026 07:00:00 -0500 https://holeybeep.ninja /vulns/2026/2026-01-21-holey-beep/
(source: https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover) ]]> Wed, 21 Jan 2026 07:00:00 -0500 https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover /vulns/2026/2026-01-21-chainleak/
(source: https://stackwarpattack.com/) ]]> Tue, 20 Jan 2026 07:00:00 -0500 https://stackwarpattack.com/ /vulns/2026/2026-01-20-stackwarp/
(source: https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke) ]]> Tue, 20 Jan 2026 07:00:00 -0500 https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke /vulns/2026/2026-01-20-crashfix/
(source: https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/) ]]> Tue, 20 Jan 2026 07:00:00 -0500 https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/ /vulns/2026/2026-01-20-bodysnatcher/
(source: https://whisperpair.eu/) ]]> Thu, 15 Jan 2026 07:00:00 -0500 https://whisperpair.eu/ /vulns/2026/2026-01-15-whisperpair/
(source: https://www.varonis.com/blog/mongobleed-cve-2025-14847-memory-leak-vulnerability) ]]> Thu, 15 Jan 2026 07:00:00 -0500 https://www.varonis.com/blog/mongobleed-cve-2025-14847-memory-leak-vulnerability /vulns/2026/2026-01-15-mongobleed/
(source: https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild) ]]> Thu, 15 Jan 2026 07:00:00 -0500 https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild /vulns/2026/2026-01-15-codebreach/
(source: https://faith2dxy.xyz/2026-01-03/cve_2025_38352_analysis_part_3/) ]]> Tue, 13 Jan 2026 07:00:00 -0500 https://faith2dxy.xyz/2026-01-03/cve_2025_38352_analysis_part_3/ /vulns/2026/2026-01-13-chronomaly/
(source: https://perfektblue.pcacybersecurity.com/) ]]> Tue, 06 Jan 2026 07:00:00 -0500 https://perfektblue.pcacybersecurity.com/ /vulns/2026/2026-01-06-perfektblue/
(source: https://noma.security/blog/geminijack-google-gemini-zero-click-vulnerability/) ]]> Thu, 18 Dec 2025 07:00:00 -0500 https://noma.security/blog/geminijack-google-gemini-zero-click-vulnerability/ /vulns/2025/2025-12-18-geminijack/
(source: https://pushsecurity.com/blog/consentfix) ]]> Thu, 18 Dec 2025 07:00:00 -0500 https://pushsecurity.com/blog/consentfix /vulns/2025/2025-12-18-consentfix/
(source: https://www.sonarsource.com/blog/zombie-workflows-a-github-actions-horror-story/) ]]> Wed, 10 Dec 2025 07:00:00 -0500 https://www.sonarsource.com/blog/zombie-workflows-a-github-actions-horror-story/ /vulns/2025/2025-12-10-zombie-workflows/
(source: https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents) ]]> Wed, 10 Dec 2025 07:00:00 -0500 https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents /vulns/2025/2025-12-10-promptpwnd/
(source: https://react2shell.com/) ]]> Tue, 09 Dec 2025 07:00:00 -0500 https://react2shell.com/ /vulns/2025/2025-12-09-react2shell/
(source: https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/) ]]> Wed, 12 Nov 2025 07:00:00 -0500 https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/ /vulns/2025/2025-11-12-whisper-leak/
(source: https://x.com/MayhemDayOne/status/1285303164116389890) ]]> Wed, 12 Nov 2025 07:00:00 -0500 https://x.com/MayhemDayOne/status/1285303164116389890 /vulns/2025/2025-11-12-meow-attack/
(source: https://www.operant.ai/art-kubed/shadow-escape) ]]> Wed, 29 Oct 2025 08:00:00 -0400 https://www.operant.ai/art-kubed/shadow-escape /vulns/2025/2025-10-29-shadow-escape/
(source: https://edera.dev/stories/tarmageddon) ]]> Tue, 28 Oct 2025 08:00:00 -0400 https://edera.dev/stories/tarmageddon /vulns/2025/2025-10-28-tarmageddon/
(source: https://sansec.io/research/sessionreaper) ]]> Tue, 28 Oct 2025 08:00:00 -0400 https://sansec.io/research/sessionreaper /vulns/2025/2025-10-28-sessionreaper/
(source: https://rmpocalypse.github.io/) ]]> Wed, 15 Oct 2025 08:00:00 -0400 https://rmpocalypse.github.io/ /vulns/2025/2025-10-15-rmpocalypse/
(source: https://www.pixnapping.com/) ]]> Wed, 15 Oct 2025 08:00:00 -0400 https://www.pixnapping.com/ /vulns/2025/2025-10-15-pixnapping/
(source: https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code) ]]> Wed, 15 Oct 2025 08:00:00 -0400 https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code /vulns/2025/2025-10-15-camoleak/
(source: https://sites.google.com/view/mic-e-mouse) ]]> Tue, 07 Oct 2025 08:00:00 -0400 https://sites.google.com/view/mic-e-mouse /vulns/2025/2025-10-07-mic-e-mouse/
(source: https://www.radware.com/security/threat-advisories-and-attack-reports/shadowleak/) ]]> Wed, 01 Oct 2025 08:00:00 -0400 https://www.radware.com/security/threat-advisories-and-attack-reports/shadowleak/ /vulns/2025/2025-10-01-shadowleak/
(source: https://comsec.ethz.ch/research/dram/phoenix/) ]]> Wed, 01 Oct 2025 08:00:00 -0400 https://comsec.ethz.ch/research/dram/phoenix/ /vulns/2025/2025-10-01-phoenix/
(source: https://cispa.saarland/group/rossow/papers/nicraft-esorics2025.pdf) ]]> Wed, 01 Oct 2025 08:00:00 -0400 https://cispa.saarland/group/rossow/papers/nicraft-esorics2025.pdf /vulns/2025/2025-10-01-nicraft/
(source: https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/) ]]> Wed, 17 Sep 2025 08:00:00 -0400 https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/ /vulns/2025/2025-09-17-vmscape/
(source: https://cirriustech.co.uk/blog/announcing-spade/) ]]> Wed, 17 Sep 2025 08:00:00 -0400 https://cirriustech.co.uk/blog/announcing-spade/ /vulns/2025/2025-09-17-spade/
(source: https://www.usenix.org/system/files/usenixsecurity25-li-xiang.pdf) ]]> Wed, 17 Sep 2025 08:00:00 -0400 https://www.usenix.org/system/files/usenixsecurity25-li-xiang.pdf /vulns/2025/2025-09-17-oneflip/
(source: https://www.sweet.security/blog/ecscape-understanding-iam-privilege-boundaries-in-amazon-ecs) ]]> Wed, 17 Sep 2025 08:00:00 -0400 https://www.sweet.security/blog/ecscape-understanding-iam-privilege-boundaries-in-amazon-ecs /vulns/2025/2025-09-17-ecscape/
(source: https://zenity.io/research/agentflayer-vulnerabilities) ]]> Wed, 17 Sep 2025 08:00:00 -0400 https://zenity.io/research/agentflayer-vulnerabilities /vulns/2025/2025-09-17-agentflayer/
(source: https://alfiecg.uk/2025/07/16/Trigon.html) ]]> Thu, 31 Jul 2025 08:00:00 -0400 https://alfiecg.uk/2025/07/16/Trigon.html /vulns/2025/2025-07-31-trigon/ Thu, 31 Jul 2025 08:00:00 -0400 https://vulnerability.garden /vulns/2025/2025-07-31-toolshell/
(source: https://taptrap.click/) ]]> Wed, 09 Jul 2025 08:00:00 -0400 https://taptrap.click/ /vulns/2025/2025-07-09-taptrap/
(source: https://opossum-attack.com/) ]]> Wed, 09 Jul 2025 08:00:00 -0400 https://opossum-attack.com/ /vulns/2025/2025-07-09-opossum-attack/
(source: https://www.guidepointsecurity.com/blog/the-birth-and-death-of-loopyticket/) ]]> Wed, 09 Jul 2025 08:00:00 -0400 https://www.guidepointsecurity.com/blog/the-birth-and-death-of-loopyticket/ /vulns/2025/2025-07-09-loopyticket/
(source: https://web.archive.org/web/20250623161755/https://mrd0x.com/filefix-clickfix-alternative/) ]]> Tue, 24 Jun 2025 08:00:00 -0400 https://web.archive.org/web/20250623161755/https://mrd0x.com/filefix-clickfix-alternative/ /vulns/2025/2025-06-24-filefix/
(source: https://www.ox.security/blog/confirmed-critical-the-grafana-ghost-exposes-36-of-public-facing-instances-to-malicious-account-takeover/) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://www.ox.security/blog/confirmed-critical-the-grafana-ghost-exposes-36-of-public-facing-instances-to-malicious-account-takeover/ /vulns/2025/2025-06-23-the-grafana-ghost/
(source: https://arxiv.org/html/2506.08866v1) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://arxiv.org/html/2506.08866v1 /vulns/2025/2025-06-23-smartattack/
(source: https://coderush.me/hydroph0bia-part2/) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://coderush.me/hydroph0bia-part2/ /vulns/2025/2025-06-23-hydroph0bia/
(source: https://www.tenable.com/blog/gerriscary-hacking-the-supply-chain-of-popular-google-products-chromiumos-chromium-bazel-dart) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://www.tenable.com/blog/gerriscary-hacking-the-supply-chain-of-popular-google-products-chromiumos-chromium-bazel-dart /vulns/2025/2025-06-23-gerriscary/
(source: https://www.aim.security/lp/aim-labs-echoleak-blogpost) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://www.aim.security/lp/aim-labs-echoleak-blogpost /vulns/2025/2025-06-23-echoleak/
(source: https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak /vulns/2025/2025-06-23-echo-chamber/
(source: https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug /vulns/2025/2025-06-23-danableed/
(source: https://eprint.iacr.org/2025/1042) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://eprint.iacr.org/2025/1042 /vulns/2025/2025-06-23-crowhammer/
(source: https://noma.security/blog/how-an-ai-agent-vulnerability-in-langsmith-could-lead-to-stolen-api-keys-and-hijacked-llm-responses/) ]]> Mon, 23 Jun 2025 08:00:00 -0400 https://noma.security/blog/how-an-ai-agent-vulnerability-in-langsmith-could-lead-to-stolen-api-keys-and-hijacked-llm-responses/ /vulns/2025/2025-06-23-AgentSmith/
(source: https://iverify.io/blog/iverify-uncovers-evidence-of-zero-click-mobile-exploitation-in-the-us) ]]> Mon, 09 Jun 2025 08:00:00 -0400 https://iverify.io/blog/iverify-uncovers-evidence-of-zero-click-mobile-exploitation-in-the-us /vulns/2025/2025-06-09-nickname/
(source: https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory) ]]> Mon, 09 Jun 2025 08:00:00 -0400 https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory /vulns/2025/2025-06-09-badsuccessor/
(source: https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc) ]]> Thu, 15 May 2025 08:00:00 -0400 https://doublepulsar.com/use-one-virtual-machine-to-own-them-all-active-exploitation-of-esxicape-0091ccc5bdfc /vulns/2025/2025-05-15-esxicape/
(source: https://comsec.ethz.ch/research/microarch/branch-privilege-injection/) ]]> Wed, 14 May 2025 08:00:00 -0400 https://comsec.ethz.ch/research/microarch/branch-privilege-injection/ /vulns/2025/2025-05-14-branch-privilege-injection/
(source: https://adragos.ro/fontleak/) ]]> Wed, 07 May 2025 08:00:00 -0400 https://adragos.ro/fontleak/ /vulns/2025/2025-05-07-fontleak/
(source: https://www.tenable.com/blog/confusedcomposer-a-privilege-escalation-vulnerability-impacting-gcp-composer) ]]> Wed, 30 Apr 2025 08:00:00 -0400 https://www.tenable.com/blog/confusedcomposer-a-privilege-escalation-vulnerability-impacting-gcp-composer /vulns/2025/2025-04-30-confusedcomposer/
(source: https://cirriustech.co.uk/blog/outtatune-vulnerability/) ]]> Tue, 29 Apr 2025 08:00:00 -0400 https://cirriustech.co.uk/blog/outtatune-vulnerability/ /vulns/2025/2025-04-29-outtatune/
(source: https://www.oligo.security/blog/airborne) ]]> Tue, 29 Apr 2025 08:00:00 -0400 https://www.oligo.security/blog/airborne /vulns/2025/2025-04-29-airborne/
(source: https://www.hiddenlayer.com/research/novel-universal-bypass-for-all-major-llms) ]]> Mon, 28 Apr 2025 08:00:00 -0400 https://www.hiddenlayer.com/research/novel-universal-bypass-for-all-major-llms /vulns/2025/2025-04-28-policy-puppetry/
(source: https://blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/) ]]> Tue, 22 Apr 2025 08:00:00 -0400 https://blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/ /vulns/2025/2025-04-22-line-jumping/
(source: https://www.forescout.com/research-labs/sun-down-a-dark-side-to-solar-energy-grids/) ]]> Fri, 28 Mar 2025 08:00:00 -0400 https://www.forescout.com/research-labs/sun-down-a-dark-side-to-solar-energy-grids/ /vulns/2025/2025-03-28-sun-down/
(source: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities) ]]> Tue, 25 Mar 2025 08:00:00 -0400 https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities /vulns/2025/2025-03-25-ingressnightmare/
(source: https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents) ]]> Wed, 19 Mar 2025 08:00:00 -0400 https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents /vulns/2025/2025-03-19-rules-file-backdoor/
(source: https://workos.com/blog/samlstorm) ]]> Mon, 17 Mar 2025 08:00:00 -0400 https://workos.com/blog/samlstorm /vulns/2025/2025-03-17-samlstorm/
(source: https://cti.monster/blog/2025/03/04/evilloader.html) ]]> Thu, 06 Mar 2025 07:00:00 -0500 https://cti.monster/blog/2025/03/04/evilloader.html /vulns/2025/2025-03-06-evilloader/
(source: https://bughunters.google.com/blog/zen-and-the-art-of-microcode-hacking) ]]> Thu, 06 Mar 2025 07:00:00 -0500 https://bughunters.google.com/blog/zen-and-the-art-of-microcode-hacking /vulns/2025/2025-03-06-entrysign/
(source: https://gfw.report/publications/ndss25/en/) ]]> Thu, 27 Feb 2025 07:00:00 -0500 https://gfw.report/publications/ndss25/en/ /vulns/2025/2025-02-27-wallbleed/
(source: https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/) ]]> Wed, 12 Feb 2025 07:00:00 -0500 https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/ /vulns/2025/2025-02-12-whoami/
(source: https://predictors.fail/#slap) ]]> Tue, 28 Jan 2025 07:00:00 -0500 https://predictors.fail/#slap /vulns/2025/2025-01-28-slap/
(source: https://eprint.iacr.org/2024/398) ]]> Tue, 28 Jan 2025 07:00:00 -0500 https://eprint.iacr.org/2024/398 /vulns/2025/2025-01-28-last-challenge-attack/
(source: https://predictors.fail/#flop) ]]> Tue, 28 Jan 2025 07:00:00 -0500 https://predictors.fail/#flop /vulns/2025/2025-01-28-flop/
(source: https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/) ]]> Tue, 28 Jan 2025 07:00:00 -0500 https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/ /vulns/2025/2025-01-28-cloneleak/
(source: https://cellularsecurity.org/ransacked) ]]> Mon, 27 Jan 2025 07:00:00 -0500 https://cellularsecurity.org/ransacked /vulns/2025/2025-01-27-ransacked/
(source: https://dfir.ru/2025/01/20/cve-2025-21210-aka-crashxts-a-practical-randomization-attack-against-bitlocker/) ]]> Tue, 21 Jan 2025 07:00:00 -0500 https://dfir.ru/2025/01/20/cve-2025-21210-aka-crashxts-a-practical-randomization-attack-against-bitlocker/ /vulns/2025/2025-01-21-crashxts/
(source: https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/) ]]> Fri, 10 Jan 2025 07:00:00 -0500 https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/ /vulns/2025/2025-01-10-worstfit/
(source: https://lukasmaar.github.io/papers/ndss25-kernelsnitch.pdf) ]]> Sun, 05 Jan 2025 07:00:00 -0500 https://lukasmaar.github.io/papers/ndss25-kernelsnitch.pdf /vulns/2025/2025-01-05-kernelsnitch/
(source: https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/) ]]> Sun, 05 Jan 2025 07:00:00 -0500 https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/ /vulns/2025/2025-01-05-bad-likert-judge/
(source: https://dl.acm.org/doi/pdf/10.1145/3658644.3690189) ]]> Thu, 02 Jan 2025 07:00:00 -0500 https://dl.acm.org/doi/pdf/10.1145/3658644.3690189 /vulns/2025/2025-01-02-sysbumps/
(source: https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/) ]]> Thu, 02 Jan 2025 07:00:00 -0500 https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/ /vulns/2025/2025-01-02-ldapnightmare/
(source: https://www.evil.blog/2024/12/doubleclickjacking-what.html) ]]> Thu, 02 Jan 2025 07:00:00 -0500 https://www.evil.blog/2024/12/doubleclickjacking-what.html /vulns/2025/2025-01-02-doubleclickjacking/
(source: https://www.secura.com/blog/timeroasting-attacking-trust-accounts-in-active-directory) ]]> Fri, 20 Dec 2024 07:00:00 -0500 https://www.secura.com/blog/timeroasting-attacking-trust-accounts-in-active-directory /vulns/2024/2024-12-20-timeroasting/
(source: https://badram.eu/) ]]> Wed, 11 Dec 2024 07:00:00 -0500 https://badram.eu/ /vulns/2024/2024-12-11-badram/
(source: https://nastystereo.com/security/rails-_json-juggling-attack.html) ]]> Tue, 10 Dec 2024 07:00:00 -0500 https://nastystereo.com/security/rails-_json-juggling-attack.html /vulns/2024/2024-12-10-json-juggling-attack/
(source: https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/) ]]> Mon, 09 Dec 2024 07:00:00 -0500 https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/ /vulns/2024/2024-12-09-damagecard/
(source: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/) ]]> Mon, 02 Dec 2024 07:00:00 -0500 https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/ /vulns/2024/2024-12-02-nearest-neighbor/
(source: https://www.knostic.ai/blog/flowbreaking-ai-attack) ]]> Mon, 02 Dec 2024 07:00:00 -0500 https://www.knostic.ai/blog/flowbreaking-ai-attack /vulns/2024/2024-12-02-flowbreaking/
(source: https://gergelykalman.com/badmalloc-CVE-2023-32428-a-macos-lpe.html) ]]> Mon, 02 Dec 2024 07:00:00 -0500 https://gergelykalman.com/badmalloc-CVE-2023-32428-a-macos-lpe.html /vulns/2024/2024-12-02-badmalloc/
(source: https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay) ]]> Wed, 20 Nov 2024 07:00:00 -0500 https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay /vulns/2024/2024-11-20-ghost-tap/
(source: https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/) ]]> Tue, 12 Nov 2024 07:00:00 -0500 https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/ /vulns/2024/2024-11-12-modeleak/
(source: https://guard.io/labs/crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack) ]]> Fri, 01 Nov 2024 08:00:00 -0400 https://guard.io/labs/crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack /vulns/2024/2024-11-01-crossbarking/
(source: https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/) ]]> Mon, 28 Oct 2024 08:00:00 -0400 https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/ /vulns/2024/2024-10-28-deceptive-delight/
(source: https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773) ]]> Thu, 24 Oct 2024 08:00:00 -0400 https://doublepulsar.com/burning-zero-days-fortijump-fortimanager-vulnerability-used-by-nation-state-in-espionage-via-msps-c79abec59773 /vulns/2024/2024-10-24-fortijump/
(source: https://www.symmetry-systems.com/blog/confused-pilot-attack/) ]]> Tue, 22 Oct 2024 08:00:00 -0400 https://www.symmetry-systems.com/blog/confused-pilot-attack/ /vulns/2024/2024-10-22-confusedpilot/ Mon, 21 Oct 2024 08:00:00 -0400 https://vulnerability.garden /vulns/2024/2024-10-21-clickfix/
(source: https://medium.com/intigriti/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c) ]]> Fri, 18 Oct 2024 08:00:00 -0400 https://medium.com/intigriti/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c /vulns/2024/2024-10-18-ticket-trick/
(source: https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/) ]]> Thu, 17 Oct 2024 08:00:00 -0400 https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/ /vulns/2024/2024-10-17-hm-surf/
(source: https://uzl-its.github.io/tdxdown/) ]]> Tue, 15 Oct 2024 08:00:00 -0400 https://uzl-its.github.io/tdxdown/ /vulns/2024/2024-10-15-tdxdown/
(source: https://www.nozominetworks.com/blog/37-vulnerabilities-in-openflow-libfluid-msg-parsing-library) ]]> Tue, 15 Oct 2024 08:00:00 -0400 https://www.nozominetworks.com/blog/37-vulnerabilities-in-openflow-libfluid-msg-parsing-library /vulns/2024/2024-10-15-fluidfaults/
(source: https://stefangast.eu/papers/counterseveillance.pdf) ]]> Tue, 15 Oct 2024 08:00:00 -0400 https://stefangast.eu/papers/counterseveillance.pdf /vulns/2024/2024-10-15-counterseveillance/
(source: https://www.forescout.com/press-releases/14-vulnerabilities-draytek-routers/) ]]> Fri, 04 Oct 2024 08:00:00 -0400 https://www.forescout.com/press-releases/14-vulnerabilities-draytek-routers/ /vulns/2024/2024-10-04-dray-break/
(source: https://github.com/chadhyatt/kartlanpwn) ]]> Tue, 01 Oct 2024 08:00:00 -0400 https://github.com/chadhyatt/kartlanpwn /vulns/2024/2024-10-01-kart-lan-pwn/
(source: https://blog.amberwolf.com/blog/2024/september/skeleton-cookie-breaking-into-safeguard-with-cve-2024-45488/) ]]> Wed, 25 Sep 2024 08:00:00 -0400 https://blog.amberwolf.com/blog/2024/september/skeleton-cookie-breaking-into-safeguard-with-cve-2024-45488/ /vulns/2024/2024-09-25-skeleton-cookie/
(source: https://www.usenix.org/conference/usenixsecurity21/presentation/lee-yoochan) ]]> Wed, 25 Sep 2024 08:00:00 -0400 https://www.usenix.org/conference/usenixsecurity21/presentation/lee-yoochan /vulns/2024/2024-09-25-exprace/
(source: https://sites.google.com/view/Gazeploit/) ]]> Mon, 16 Sep 2024 08:00:00 -0400 https://sites.google.com/view/Gazeploit/ /vulns/2024/2024-09-16-gazeploit/
(source: https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/) ]]> Fri, 13 Sep 2024 08:00:00 -0400 https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/ /vulns/2024/2024-09-13-revival-hijack/
(source: https://ninjalab.io/eucleak/) ]]> Fri, 13 Sep 2024 08:00:00 -0400 https://ninjalab.io/eucleak/ /vulns/2024/2024-09-13-eucleak/
(source: https://decoder.cloud/2024/08/02/the-fake-potato/) ]]> Wed, 28 Aug 2024 08:00:00 -0400 https://decoder.cloud/2024/08/02/the-fake-potato/ /vulns/2024/2024-08-28-fake-potato/
(source: https://www.miggo.io/post/albeast-security-advisory-alb-vulnerability) ]]> Wed, 21 Aug 2024 08:00:00 -0400 https://www.miggo.io/post/albeast-security-advisory-alb-vulnerability /vulns/2024/2024-08-21-albeast/
(source: https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/) ]]> Mon, 19 Aug 2024 08:00:00 -0400 https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/ /vulns/2024/2024-08-19-wireserving/
(source: https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections) ]]> Sat, 17 Aug 2024 08:00:00 -0400 https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections /vulns/2024/2024-08-17-copy2pwn/
(source: https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/) ]]> Sat, 17 Aug 2024 08:00:00 -0400 https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/ /vulns/2024/2024-08-17-artipacked/
(source: https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/) ]]> Tue, 13 Aug 2024 08:00:00 -0400 https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/ /vulns/2024/2024-08-13-bucket-monopoly/
(source: https://blog.zolutal.io/aslrnt/) ]]> Mon, 12 Aug 2024 08:00:00 -0400 https://blog.zolutal.io/aslrnt/ /vulns/2024/2024-08-12-aslrnt/
(source: https://ghostwriteattack.com/) ]]> Fri, 09 Aug 2024 08:00:00 -0400 https://ghostwriteattack.com/ /vulns/2026/2026-03-19-ghostwrite/
(source: https://www.ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/) ]]> Fri, 09 Aug 2024 08:00:00 -0400 https://www.ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/ /vulns/2024/2024-08-09-sinkclose/
(source: https://sites.google.com/site/zhiniangpeng/blogs/MadLicense) ]]> Fri, 09 Aug 2024 08:00:00 -0400 https://sites.google.com/site/zhiniangpeng/blogs/MadLicense /vulns/2024/2024-08-09-madlicense/
(source: https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser) ]]> Fri, 09 Aug 2024 08:00:00 -0400 https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser /vulns/2024/2024-08-09-0-0-0-0-day/
(source: https://blackhat.com/us-24/briefings/schedule/#breaching-aws-accounts-through-shadow-resources-39706) ]]> Wed, 07 Aug 2024 08:00:00 -0400 https://blackhat.com/us-24/briefings/schedule/#breaching-aws-accounts-through-shadow-resources-39706 /vulns/2024/2024-08-07-shadow-resources/
(source: https://www.usenix.org/conference/usenixsecurity24/presentation/maar-slubstick) ]]> Mon, 05 Aug 2024 08:00:00 -0400 https://www.usenix.org/conference/usenixsecurity24/presentation/maar-slubstick /vulns/2024/2024-08-05-slubstick/
(source: https://www.infoblox.com/blog/threat-intelligence/who-knew-domain-hijacking-is-so-easy/) ]]> Fri, 02 Aug 2024 08:00:00 -0400 https://www.infoblox.com/blog/threat-intelligence/who-knew-domain-hijacking-is-so-easy/ /vulns/2024/2024-08-02-sitting-ducks/
(source: https://crocs.fi.muni.cz/public/papers/rsa_ccs17) ]]> Fri, 02 Aug 2024 08:00:00 -0400 https://crocs.fi.muni.cz/public/papers/rsa_ccs17 /vulns/2024/2024-08-02-roca/
(source: https://fermatattack.secvuln.info/) ]]> Fri, 02 Aug 2024 08:00:00 -0400 https://fermatattack.secvuln.info/ /vulns/2024/2024-08-02-fermat-attack/
(source: https://infosec.exchange/@SwiftOnSecurity/112871061960829494) ]]> Mon, 29 Jul 2024 08:00:00 -0400 https://infosec.exchange/@SwiftOnSecurity/112871061960829494 /vulns/2024/2024-07-29-esxith/
(source: https://tudoor.net/) ]]> Fri, 26 Jul 2024 08:00:00 -0400 https://tudoor.net/ /vulns/2024/2024-07-26-tudoor/
(source: https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/) ]]> Fri, 26 Jul 2024 08:00:00 -0400 https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/ /vulns/2024/2024-07-26-thread-name-calling/
(source: https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem) ]]> Fri, 26 Jul 2024 08:00:00 -0400 https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem /vulns/2024/2024-07-26-pkfail/
(source: https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions) ]]> Thu, 25 Jul 2024 08:00:00 -0400 https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions /vulns/2024/2024-07-25-confusedfunction/
(source: https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/) ]]> Mon, 22 Jul 2024 08:00:00 -0400 https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/ /vulns/2024/2024-07-22-evilvideo/
(source: https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security) ]]> Thu, 18 Jul 2024 08:00:00 -0400 https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security /vulns/2024/2024-07-18-sapwned/
(source: https://citizenlab.ca/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/) ]]> Thu, 18 Jul 2024 08:00:00 -0400 https://citizenlab.ca/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/ /vulns/2024/2024-07-18-port-shadow/
(source: https://www.blastradius.fail) ]]> Tue, 09 Jul 2024 08:00:00 -0400 https://www.blastradius.fail /vulns/2024/2024-07-09-blast-radius/
(source: https://wack0.github.io/dubiousdisk/) ]]> Sun, 07 Jul 2024 08:00:00 -0400 https://wack0.github.io/dubiousdisk/ /vulns/2024/2024-07-07-dubious-disk/
(source: https://kirin-attack.github.io/) ]]> Wed, 03 Jul 2024 08:00:00 -0400 https://kirin-attack.github.io/ /vulns/2024/2024-07-03-kirin/
(source: https://indirector.cpusec.org/) ]]> Tue, 02 Jul 2024 08:00:00 -0400 https://indirector.cpusec.org/ /vulns/2024/2024-07-02-indirector/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server) ]]> Mon, 01 Jul 2024 08:00:00 -0400 https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server /vulns/2024/2024-07-01-regresshion/
(source: https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/) ]]> Wed, 26 Jun 2024 08:00:00 -0400 https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/ /vulns/2024/2024-06-26-skeleton-key/
(source: https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/) ]]> Tue, 25 Jun 2024 08:00:00 -0400 https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/ /vulns/2024/2024-06-25-ueficanhazbufferoverflow/
(source: https://www.snailload.com/) ]]> Mon, 24 Jun 2024 08:00:00 -0400 https://www.snailload.com/ /vulns/2024/2024-06-24-snailload/
(source: https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032) ]]> Mon, 24 Jun 2024 08:00:00 -0400 https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032 /vulns/2024/2024-06-24-probllama/
(source: https://www.elastic.co/security-labs/grimresource) ]]> Mon, 24 Jun 2024 08:00:00 -0400 https://www.elastic.co/security-labs/grimresource /vulns/2024/2024-06-24-grimresource/
(source: https://sansec.io/research/cosmicsting) ]]> Mon, 24 Jun 2024 08:00:00 -0400 https://sansec.io/research/cosmicsting /vulns/2024/2024-06-24-cosmicsting/
(source: https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/) ]]> Tue, 11 Jun 2024 08:00:00 -0400 https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/ /vulns/2024/2024-06-11-sleepy-pickle/
(source: https://www.slideshare.net/slideshow/derbycon-the-unintended-risks-of-trusting-active-directory/118363679#5) ]]> Tue, 04 Jun 2024 08:00:00 -0400 https://www.slideshare.net/slideshow/derbycon-the-unintended-risks-of-trusting-active-directory/118363679#5 /vulns/2024/2024-06-04-spoolsample/
(source: https://x.com/topotam77/status/1475701014204461056) ]]> Tue, 04 Jun 2024 08:00:00 -0400 https://x.com/topotam77/status/1475701014204461056 /vulns/2024/2024-06-04-shadowcoerce/
(source: https://github.com/Wh04m1001/DFSCoerce) ]]> Tue, 04 Jun 2024 08:00:00 -0400 https://github.com/Wh04m1001/DFSCoerce /vulns/2024/2024-06-04-dfscoerce/
(source: https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323) ]]> Mon, 20 May 2024 08:00:00 -0400 https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323 /vulns/2024/2024-05-20-linguistic-lumberjack/
(source: https://www.top10vpn.com/research/wifi-vulnerability-ssid/) ]]> Tue, 14 May 2024 08:00:00 -0400 https://www.top10vpn.com/research/wifi-vulnerability-ssid/ /vulns/2024/2024-05-14-ssid-confusion-attack/
(source: https://dl.acm.org/doi/10.1145/3620666.3651382) ]]> Wed, 08 May 2024 08:00:00 -0400 https://dl.acm.org/doi/10.1145/3620666.3651382 /vulns/2024/2024-05-08-pathfinder/
(source: https://www.tunnelvisionbug.com/) ]]> Mon, 06 May 2024 08:00:00 -0400 https://www.tunnelvisionbug.com/ /vulns/2024/2024-05-06-tunnelvision/
(source: https://github.com/TheOfficialFloW/PPPwn) ]]> Fri, 03 May 2024 08:00:00 -0400 https://github.com/TheOfficialFloW/PPPwn /vulns/2024/2024-05-03-pppwn/
(source: https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/) ]]> Fri, 03 May 2024 08:00:00 -0400 https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/ /vulns/2024/2024-05-03-dirty-stream/
(source: https://arxiv.org/abs/2404.16856) ]]> Mon, 29 Apr 2024 08:00:00 -0400 https://arxiv.org/abs/2404.16856 /vulns/2024/2024-04-29-hookchain/
(source: https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/) ]]> Sun, 21 Apr 2024 08:00:00 -0400 https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/ /vulns/2024/2024-04-21-magicdot/
(source: https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild) ]]> Wed, 17 Apr 2024 08:00:00 -0400 https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild /vulns/2024/2024-04-17-shadowray/
(source: https://orca.security/resources/blog/leakycli-aws-google-cloud-command-line-tools-can-expose-sensitive-credentials-build-logs/) ]]> Tue, 16 Apr 2024 08:00:00 -0400 https://orca.security/resources/blog/leakycli-aws-google-cloud-command-line-tools-can-expose-sensitive-credentials-build-logs/ /vulns/2024/2024-04-16-leakycli/
(source: https://cipherleaks.com/) ]]> Tue, 16 Apr 2024 08:00:00 -0400 https://cipherleaks.com/ /vulns/2024/2024-04-16-cipherleaks/
(source: https://www.usenix.org/system/files/usenixsecurity23-gierlings.pdf) ]]> Sun, 14 Apr 2024 08:00:00 -0400 https://www.usenix.org/system/files/usenixsecurity23-gierlings.pdf /vulns/2024/2024-04-14-demons/
(source: https://www.vusec.net/projects/native-bhi/) ]]> Tue, 09 Apr 2024 08:00:00 -0400 https://www.vusec.net/projects/native-bhi/ /vulns/2024/2024-04-09-native-bhi/
(source: https://lutrasecurity.com/en/articles/kobold-letters/) ]]> Tue, 09 Apr 2024 08:00:00 -0400 https://lutrasecurity.com/en/articles/kobold-letters/ /vulns/2024/2024-04-09-kobold-letters/
(source: https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/) ]]> Tue, 09 Apr 2024 08:00:00 -0400 https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/ /vulns/2024/2024-04-09-batbadbut/
(source: https://ahoi-attacks.github.io/wesee/) ]]> Sun, 07 Apr 2024 21:24:00 -0400 https://ahoi-attacks.github.io/wesee/ /vulns/2024/2024-04-07-wesee/
(source: https://ahoi-attacks.github.io/sigy/) ]]> Sun, 07 Apr 2024 21:24:00 -0400 https://ahoi-attacks.github.io/sigy/ /vulns/2024/2024-04-07-sigy/
(source: https://ahoi-attacks.github.io/heckler/) ]]> Sun, 07 Apr 2024 21:24:00 -0400 https://ahoi-attacks.github.io/heckler/ /vulns/2024/2024-04-07-heckler/
(source: https://crescendo-the-multiturn-jailbreak.github.io/) ]]> Fri, 05 Apr 2024 08:00:00 -0400 https://crescendo-the-multiturn-jailbreak.github.io/ /vulns/2024/2024-04-05-crescendo/
(source: https://nowotarski.info/http2-continuation-flood-technical-details/) ]]> Thu, 04 Apr 2024 08:00:00 -0400 https://nowotarski.info/http2-continuation-flood-technical-details/ /vulns/2024/2024-04-04-continuation-flood/
(source: https://floss.social/@jwf/112181835287436354) ]]> Sun, 31 Mar 2024 08:00:00 -0400 https://floss.social/@jwf/112181835287436354 /vulns/2024/2024-03-31-xzorcist/
(source: https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt) ]]> Wed, 27 Mar 2024 08:00:00 -0400 https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt /vulns/2024/2024-03-27-wall-escape/
(source: https://comsec.ethz.ch/research/dram/zenhammer/) ]]> Mon, 25 Mar 2024 08:00:00 -0400 https://comsec.ethz.ch/research/dram/zenhammer/ /vulns/2024/2024-03-25-zenhammer/
(source: https://unsaflok.com/) ]]> Thu, 21 Mar 2024 08:00:00 -0400 https://unsaflok.com/ /vulns/2024/2024-03-21-unsaflok/
(source: https://gofetch.fail/) ]]> Thu, 21 Mar 2024 08:00:00 -0400 https://gofetch.fail/ /vulns/2024/2024-03-21-gofetch/
(source: https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails) ]]> Thu, 21 Mar 2024 08:00:00 -0400 https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails /vulns/2024/2024-03-21-flowfixation/
(source: https://cispa.de/en/loop-dos) ]]> Wed, 20 Mar 2024 08:00:00 -0400 https://cispa.de/en/loop-dos /vulns/2024/2024-03-20-loop-dos/
(source: https://project-zero.issues.chromium.org/issues/42451497) ]]> Mon, 18 Mar 2024 08:00:00 -0400 https://project-zero.issues.chromium.org/issues/42451497 /vulns/2024/2024-03-18-macdirtycow/
(source: https://www.vusec.net/projects/ghostrace/) ]]> Wed, 13 Mar 2024 08:00:00 -0400 https://www.vusec.net/projects/ghostrace/ /vulns/2024/2024-03-13-ghostrace/
(source: https://arxiv.org/pdf/2402.11753) ]]> Mon, 04 Mar 2024 07:00:00 -0500 https://arxiv.org/pdf/2402.11753 /vulns/2024/2024-03-04-artprompt/
(source: https://www.semperis.com/blog/meet-silver-saml/) ]]> Fri, 01 Mar 2024 07:00:00 -0500 https://www.semperis.com/blog/meet-silver-saml/ /vulns/2024/2024-03-01-silver-saml/
(source: https://info.eclypsium.com/shim-shady-bootloader-vulnerability-story) ]]> Wed, 28 Feb 2024 07:00:00 -0500 https://info.eclypsium.com/shim-shady-bootloader-vulnerability-story /vulns/2024/2024-02-28-shim-shady/
(source: https://security.snyk.io/research/zip-slip-vulnerability) ]]> Tue, 27 Feb 2024 07:00:00 -0500 https://security.snyk.io/research/zip-slip-vulnerability /vulns/2024/2024-02-27-zip-slip/
(source: https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708) ]]> Fri, 23 Feb 2024 07:00:00 -0500 https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708 /vulns/2024/2024-02-23-slashandgrab/
(source: https://arxiv.org/pdf/2402.11423) ]]> Tue, 20 Feb 2024 07:00:00 -0500 https://arxiv.org/pdf/2402.11423 /vulns/2024/2024-02-20-voltschemer/
(source: https://checkmarx.com/blog/llama-drama-critical-vulnerability-cve-2024-34359-threatening-your-software-supply-chain/) ]]> Tue, 20 Feb 2024 07:00:00 -0500 https://checkmarx.com/blog/llama-drama-critical-vulnerability-cve-2024-34359-threatening-your-software-supply-chain/ /vulns/2024/2024-02-20-llama-drama/
(source: https://www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf) ]]> Mon, 19 Feb 2024 07:00:00 -0500 https://www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf /vulns/2024/2024-02-19-printlistener/
(source: https://www.ndss-symposium.org/wp-content/uploads/ndss2024_f552_paper-1.pdf) ]]> Sun, 18 Feb 2024 07:00:00 -0500 https://www.ndss-symposium.org/wp-content/uploads/ndss2024_f552_paper-1.pdf /vulns/2024/2024-02-18-em-eye/
(source: https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/) ]]> Sat, 17 Feb 2024 07:00:00 -0500 https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/ /vulns/2024/2024-02-17-mms-fingerprint/
(source: https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1) ]]> Fri, 16 Feb 2024 07:00:00 -0500 https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1 /vulns/2024/2024-02-16-space-attack/
(source: https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/) ]]> Wed, 14 Feb 2024 07:00:00 -0500 https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/ /vulns/2024/2024-02-14-monikerlink/
(source: https://www.presseportal.de/pm/173495/5713546) ]]> Mon, 12 Feb 2024 07:00:00 -0500 https://www.presseportal.de/pm/173495/5713546 /vulns/2024/2024-02-12-keytrap/
(source: https://github.com/floesen/EventLogCrasher) ]]> Sat, 10 Feb 2024 07:00:00 -0500 https://github.com/floesen/EventLogCrasher /vulns/2024/2024-02-10-eventlogcrasher/
(source: https://labs.snyk.io/resources/leaky-vessels-docker-runc-container-breakout-vulnerabilities/) ]]> Wed, 07 Feb 2024 07:00:00 -0500 https://labs.snyk.io/resources/leaky-vessels-docker-runc-container-breakout-vulnerabilities/ /vulns/2024/2024-02-07-leaky-vessels/
(source: https://www.rtpbleed.com) ]]> Thu, 25 Jan 2024 07:00:00 -0500 https://www.rtpbleed.com /vulns/2024/2024-01-25-rtp-bleed/
(source: https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/) ]]> Wed, 24 Jan 2024 07:00:00 -0500 https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/ /vulns/2024/2024-01-24-sysall/
(source: https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/) ]]> Tue, 23 Jan 2024 07:00:00 -0500 https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/ /vulns/2024/2024-01-23-mavengate/
(source: https://guard.io/labs/myflaw-cross-platform-0-day-rce-vulnerability-discovered-in-operas-browsers) ]]> Sun, 21 Jan 2024 07:00:00 -0500 https://guard.io/labs/myflaw-cross-platform-0-day-rce-vulnerability-discovered-in-operas-browsers /vulns/2024/2024-01-21-myflaw/ Thu, 18 Jan 2024 07:00:00 -0500 https://vulnerability.garden /vulns/2024/2024-01-18-winshock/
(source: https://smtpsmuggling.com/) ]]> Thu, 18 Jan 2024 07:00:00 -0500 https://smtpsmuggling.com/ /vulns/2024/2024-01-18-smtp-smuggling/
(source: https://trmm.net/Sleep_attack/) ]]> Thu, 18 Jan 2024 07:00:00 -0500 https://trmm.net/Sleep_attack/ /vulns/2024/2024-01-18-sleep-attack/
(source: https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/) ]]> Thu, 18 Jan 2024 07:00:00 -0500 https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ /vulns/2024/2024-01-18-connectaround/
(source: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html) ]]> Tue, 16 Jan 2024 07:00:00 -0500 https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html /vulns/2024/2024-01-16-pixiefail/
(source: https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/) ]]> Tue, 16 Jan 2024 07:00:00 -0500 https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/ /vulns/2024/2024-01-16-leftoverlocals/
(source: https://verichains.io/tsshock/) ]]> Mon, 15 Jan 2024 07:00:00 -0500 https://verichains.io/tsshock/ /vulns/2024/2024-01-15-tsshock/
(source: https://kyberslash.cr.yp.to/) ]]> Wed, 10 Jan 2024 07:00:00 -0500 https://kyberslash.cr.yp.to/ /vulns/2024/2024-01-10-kyberslash/
(source: https://defuse.ca/sockstress.htm) ]]> Sat, 06 Jan 2024 07:00:00 -0500 https://defuse.ca/sockstress.htm /vulns/2024/2024-01-06-sockstress/
(source: https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/) ]]> Thu, 28 Dec 2023 07:00:00 -0500 https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/ /vulns/2023/2023-12-28-triangulation/
(source: https://kylebot.net/papers/retspill.pdf) ]]> Sat, 23 Dec 2023 07:00:00 -0500 https://kylebot.net/papers/retspill.pdf /vulns/2023/2023-12-23-retspill/
(source: https://terrapin-attack.com/) ]]> Mon, 18 Dec 2023 07:00:00 -0500 https://terrapin-attack.com/ /vulns/2023/2023-12-18-terrapin-attack/
(source: https://thomaspaniagua.github.io/quadattack_web/) ]]> Thu, 14 Dec 2023 07:00:00 -0500 https://thomaspaniagua.github.io/quadattack_web/ /vulns/2023/2023-12-14-quadattack/
(source: https://www.forescout.com/research-labs/sierra21/) ]]> Thu, 07 Dec 2023 07:00:00 -0500 https://www.forescout.com/research-labs/sierra21/ /vulns/2023/2023-12-07-sierra21/
(source: https://asset-group.github.io/disclosures/5ghoul/) ]]> Thu, 07 Dec 2023 07:00:00 -0500 https://asset-group.github.io/disclosures/5ghoul/ /vulns/2023/2023-12-07-5ghoul/
(source: https://blackhat.com/eu-23/briefings/schedule/#autospill-zero-effort-credential-stealing-from-mobile-password-managers-34420) ]]> Wed, 06 Dec 2023 07:00:00 -0500 https://blackhat.com/eu-23/briefings/schedule/#autospill-zero-effort-credential-stealing-from-mobile-password-managers-34420 /vulns/2023/2023-12-06-autospill/
(source: https://www.vusec.net/projects/slam/) ]]> Tue, 05 Dec 2023 07:00:00 -0500 https://www.vusec.net/projects/slam/ /vulns/2023/2023-12-05-slam/
(source: https://www.binarly.io/blog/the-far-reaching-consequences-of-logofail) ]]> Thu, 30 Nov 2023 07:00:00 -0500 https://www.binarly.io/blog/the-far-reaching-consequences-of-logofail /vulns/2023/2023-11-30-logofail/
(source: https://github.com/Wack0/CVE-2022-21894) ]]> Thu, 30 Nov 2023 07:00:00 -0500 https://github.com/Wack0/CVE-2022-21894 /vulns/2023/2023-11-30-baton-drop/
(source: https://francozappa.github.io/post/2023/bluffs-ccs23/) ]]> Wed, 29 Nov 2023 07:00:00 -0500 https://francozappa.github.io/post/2023/bluffs-ccs23/ /vulns/2023/2023-11-29-bluffs/
(source: https://www.hunters.security/en/blog/delefriend-a-newly-discovered-design-flaw-in-domain-wide-delegation-could-leave-google-workspace-vulnerable-for-takeover) ]]> Tue, 28 Nov 2023 07:00:00 -0500 https://www.hunters.security/en/blog/delefriend-a-newly-discovered-design-flaw-in-domain-wide-delegation-could-leave-google-workspace-vulnerable-for-takeover /vulns/2023/2023-11-28-delefriend/
(source: https://brave.com/privacy-updates/13-pool-party-side-channels/) ]]> Fri, 24 Nov 2023 07:00:00 -0500 https://brave.com/privacy-updates/13-pool-party-side-channels/ /vulns/2023/2023-11-24-pool-party/
(source: https://gergelykalman.com/sqlol-CVE-2023-32422-a-macos-tcc-bypass.html) ]]> Thu, 16 Nov 2023 07:00:00 -0500 https://gergelykalman.com/sqlol-CVE-2023-32422-a-macos-tcc-bypass.html /vulns/2023/2023-11-16-sqlol/
(source: https://lock.cmpxchg8b.com/reptar.html) ]]> Tue, 14 Nov 2023 07:00:00 -0500 https://lock.cmpxchg8b.com/reptar.html /vulns/2023/2023-11-14-reptar/
(source: https://www.randstorm.com/) ]]> Tue, 14 Nov 2023 07:00:00 -0500 https://www.randstorm.com/ /vulns/2023/2023-11-14-randstorm/
(source: https://gergelykalman.com/lateralus-CVE-2023-32407-a-macos-tcc-bypass.html) ]]> Tue, 14 Nov 2023 07:00:00 -0500 https://gergelykalman.com/lateralus-CVE-2023-32407-a-macos-tcc-bypass.html /vulns/2023/2023-11-14-lateralus/
(source: https://cachewarpattack.com/) ]]> Tue, 14 Nov 2023 07:00:00 -0500 https://cachewarpattack.com/ /vulns/2023/2023-11-14-cachewarp/
(source: https://gergelykalman.com/no-CVE-batsignal-a-macos-lpe.html) ]]> Mon, 06 Nov 2023 07:00:00 -0500 https://gergelykalman.com/no-CVE-batsignal-a-macos-lpe.html /vulns/2023/2023-11-06-batsignal/
(source: https://lightcommands.com/) ]]> Thu, 26 Oct 2023 08:00:00 -0400 https://lightcommands.com/ /vulns/2023/2023-10-26-light-commands/
(source: https://ileakage.com/) ]]> Wed, 25 Oct 2023 08:00:00 -0400 https://ileakage.com/ /vulns/2023/2023-10-25-ileakage/
(source: https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966) ]]> Tue, 24 Oct 2023 08:00:00 -0400 https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966 /vulns/2023/2023-10-24-citrixbleed/
(source: https://portswigger.net/research/smashing-the-state-machine#single-packet-attack) ]]> Wed, 18 Oct 2023 08:00:00 -0400 https://portswigger.net/research/smashing-the-state-machine#single-packet-attack /vulns/2023/2023-10-18-single-packet-attack/
(source: https://sec1.dk/mde.html) ]]> Mon, 16 Oct 2023 08:00:00 -0400 https://sec1.dk/mde.html /vulns/2023/2023-10-16-shadowbunny/
(source: https://filippo.io/Ticketbleed/) ]]> Wed, 11 Oct 2023 08:00:00 -0400 https://filippo.io/Ticketbleed/ /vulns/2023/2023-10-11-ticketbleed/
(source: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/) ]]> Tue, 10 Oct 2023 08:00:00 -0400 https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ /vulns/2023/2023-10-10-rapid-reset/
(source: https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654) ]]> Fri, 06 Oct 2023 08:00:00 -0400 https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654 /vulns/2023/2023-10-06-shelltorch/
(source: https://people.redhat.com/~hkario/marvin/) ]]> Fri, 06 Oct 2023 08:00:00 -0400 https://people.redhat.com/~hkario/marvin/ /vulns/2023/2023-10-06-marvin/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so) ]]> Fri, 06 Oct 2023 08:00:00 -0400 https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so /vulns/2023/2023-10-06-looney-tunables/
(source: https://blog.xpnsec.com/dirtynib/) ]]> Fri, 06 Oct 2023 08:00:00 -0400 https://blog.xpnsec.com/dirtynib/ /vulns/2023/2023-10-06-dirtynib/
(source: https://i.blackhat.com/us-18/Wed-August-8/us-18-Nafeez-Compression-Oracle-Attacks-On-Vpn-Networks.pdf) ]]> Tue, 26 Sep 2023 08:00:00 -0400 https://i.blackhat.com/us-18/Wed-August-8/us-18-Nafeez-Compression-Oracle-Attacks-On-Vpn-Networks.pdf /vulns/2023/2023-09-26-voracle/
(source: https://www.hertzbleed.com/gpu.zip/) ]]> Tue, 26 Sep 2023 08:00:00 -0400 https://www.hertzbleed.com/gpu.zip/ /vulns/2023/2023-09-26-gpu-zip/
(source: https://exploits.forsale/themebleed/) ]]> Fri, 15 Sep 2023 08:00:00 -0400 https://exploits.forsale/themebleed/ /vulns/2023/2023-09-15-themebleed/
(source: https://citizenlab.ca/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/) ]]> Sat, 09 Sep 2023 08:00:00 -0400 https://citizenlab.ca/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ /vulns/2023/2023-09-09-blastpass/
(source: https://maginotdns.net/) ]]> Wed, 16 Aug 2023 08:00:00 -0400 https://maginotdns.net/ /vulns/2023/2023-08-16-maginotdns/
(source: https://infosec.exchange/@reverseics/110871926306809217) ]]> Fri, 11 Aug 2023 08:00:00 -0400 https://infosec.exchange/@reverseics/110871926306809217 /vulns/2023/2023-08-11-codechism/
(source: https://milksad.info/disclosure.html) ]]> Wed, 09 Aug 2023 08:00:00 -0400 https://milksad.info/disclosure.html /vulns/2023/2023-08-09-milk-sad/
(source: https://tunnelcrack.mathyvanhoef.com/) ]]> Tue, 08 Aug 2023 08:00:00 -0400 https://tunnelcrack.mathyvanhoef.com/ /vulns/2023/2023-08-08-tunnelcrack/
(source: https://comsec.ethz.ch/research/microarch/inception/) ]]> Tue, 08 Aug 2023 08:00:00 -0400 https://comsec.ethz.ch/research/microarch/inception/ /vulns/2023/2023-08-08-inception/
(source: https://downfall.page/) ]]> Tue, 08 Aug 2023 08:00:00 -0400 https://downfall.page/ /vulns/2023/2023-08-08-downfall/
(source: https://guard.io/labs/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing) ]]> Wed, 02 Aug 2023 08:00:00 -0400 https://guard.io/labs/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing /vulns/2023/2023-08-02-phishforce/
(source: https://collidepower.com/) ]]> Tue, 01 Aug 2023 08:00:00 -0400 https://collidepower.com/ /vulns/2023/2023-08-01-collide-power/
(source: https://blog.mmpa.info/posts/bleeding-pipe/) ]]> Tue, 01 Aug 2023 08:00:00 -0400 https://blog.mmpa.info/posts/bleeding-pipe/ /vulns/2023/2023-08-01-bleedingpipe/
(source: https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability) ]]> Mon, 31 Jul 2023 08:00:00 -0400 https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability /vulns/2023/2023-07-31-gameoverlay/
(source: https://lock.cmpxchg8b.com/zenbleed.html) ]]> Mon, 24 Jul 2023 08:00:00 -0400 https://lock.cmpxchg8b.com/zenbleed.html /vulns/2023/2023-07-24-zenbleed/
(source: https://www.midnightblue.nl/research/tetraburst) ]]> Mon, 24 Jul 2023 08:00:00 -0400 https://www.midnightblue.nl/research/tetraburst /vulns/2023/2023-07-24-tetra-burst/
(source: https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/) ]]> Mon, 24 Jul 2023 08:00:00 -0400 https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/ /vulns/2023/2023-07-24-badbuild/
(source: https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit) ]]> Wed, 12 Jul 2023 08:00:00 -0400 https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit /vulns/2023/2023-07-12-follina-2/
(source: https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html) ]]> Mon, 10 Jul 2023 08:00:00 -0400 https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html /vulns/2023/2023-07-10-dirty-pagetable/
(source: https://projectzero.google/2019/11/bad-binder-android-in-wild-exploit.html) ]]> Mon, 10 Jul 2023 08:00:00 -0400 https://projectzero.google/2019/11/bad-binder-android-in-wild-exploit.html /vulns/2023/2023-07-10-bad-binder/
(source: https://cyberplace.social/@GossiTheDog/110667416012211236) ]]> Thu, 06 Jul 2023 08:00:00 -0400 https://cyberplace.social/@GossiTheDog/110667416012211236 /vulns/2023/2023-07-06-tootroot/
(source: https://www.openwall.com/lists/oss-security/2023/07/05/1) ]]> Wed, 05 Jul 2023 08:00:00 -0400 https://www.openwall.com/lists/oss-security/2023/07/05/1 /vulns/2023/2023-07-05-stackrot/
(source: https://www.tarlogic.com/blog/bluetrust-bluetooth-vulnerability/) ]]> Thu, 29 Jun 2023 08:00:00 -0400 https://www.tarlogic.com/blog/bluetrust-bluetooth-vulnerability/ /vulns/2023/2023-06-29-bluetrust/
(source: https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf) ]]> Mon, 26 Jun 2023 08:00:00 -0400 https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf /vulns/2023/2023-06-26-rowpress/
(source: https://www.descope.com/blog/post/noauth) ]]> Wed, 21 Jun 2023 08:00:00 -0400 https://www.descope.com/blog/post/noauth /vulns/2023/2023-06-21-noauth/
(source: https://blog.lexfo.fr/xortigate-cve-2023-27997.html) ]]> Tue, 13 Jun 2023 08:00:00 -0400 https://blog.lexfo.fr/xortigate-cve-2023-27997.html /vulns/2023/2023-06-13-xortigate/
(source: https://badoption.eu/blog/2023/06/01/zipjar.html) ]]> Sat, 03 Jun 2023 08:00:00 -0400 https://badoption.eu/blog/2023/06/01/zipjar.html /vulns/2023/2023-06-03-zipjar/
(source: https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/) ]]> Tue, 30 May 2023 08:00:00 -0400 https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/ /vulns/2023/2023-05-30-migraine/
(source: https://blackhat.com/docs/us-17/thursday/us-17-Hypponen-The-Epocholypse-2038-Whats-In-Store-For-The-Next-20-Years.pdf) ]]> Tue, 30 May 2023 08:00:00 -0400 https://blackhat.com/docs/us-17/thursday/us-17-Hypponen-The-Epocholypse-2038-Whats-In-Store-For-The-Next-20-Years.pdf /vulns/2023/2023-05-30-epochalypse/
(source: https://arxiv.org/abs/2305.10791) ]]> Tue, 23 May 2023 08:00:00 -0400 https://arxiv.org/abs/2305.10791 /vulns/2023/2023-05-23-bruteprint/
(source: https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/) ]]> Tue, 16 May 2023 08:00:00 -0400 https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/ /vulns/2023/2023-05-16-friendlyname/
(source: https://i.blackhat.com/Asia-23/AS-23-Landau-PPLdump-Is-Dead-Long-Live-PPLdump.pdf) ]]> Sun, 14 May 2023 08:00:00 -0400 https://i.blackhat.com/Asia-23/AS-23-Landau-PPLdump-Is-Dead-Long-Live-PPLdump.pdf /vulns/2023/2023-05-14-pplfault/
(source: https://orca.security/resources/blog/super-fabrixss-azure-vulnerability/) ]]> Fri, 28 Apr 2023 08:00:00 -0400 https://orca.security/resources/blog/super-fabrixss-azure-vulnerability/ /vulns/2023/2023-04-28-super-fabrixss/
(source: https://www.wiz.io/blog/brokensesame-accidental-write-permissions-to-private-registry-allowed-potential-r) ]]> Fri, 28 Apr 2023 08:00:00 -0400 https://www.wiz.io/blog/brokensesame-accidental-write-permissions-to-private-registry-allowed-potential-r /vulns/2023/2023-04-28-brokensesame/
(source: https://astrix.security/learn/blog/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/) ]]> Wed, 26 Apr 2023 08:00:00 -0400 https://astrix.security/learn/blog/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/ /vulns/2023/2023-04-26-ghosttoken/
(source: https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/) ]]> Wed, 19 Apr 2023 08:00:00 -0400 https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/ /vulns/2023/2023-04-19-queuejumper/
(source: https://citizenlab.ca/research/nso-groups-pegasus-spyware-returns-in-2022/) ]]> Wed, 19 Apr 2023 08:00:00 -0400 https://citizenlab.ca/research/nso-groups-pegasus-spyware-returns-in-2022/ /vulns/2023/2023-04-19-PWNYOURHOME/
(source: https://citizenlab.ca/research/nso-groups-pegasus-spyware-returns-in-2022/) ]]> Wed, 19 Apr 2023 08:00:00 -0400 https://citizenlab.ca/research/nso-groups-pegasus-spyware-returns-in-2022/ /vulns/2023/2023-04-19-LATENTIMAGE/
(source: https://citizenlab.ca/research/nso-groups-pegasus-spyware-returns-in-2022/) ]]> Wed, 19 Apr 2023 08:00:00 -0400 https://citizenlab.ca/research/nso-groups-pegasus-spyware-returns-in-2022/ /vulns/2023/2023-04-19-FINDMYPWN/
(source: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass) ]]> Thu, 13 Apr 2023 08:00:00 -0400 https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass /vulns/2023/2023-04-13-dirty-vanity/
(source: https://nebelwelt.net/files/23Oakland3.pdf) ]]> Mon, 10 Apr 2023 08:00:00 -0400 https://nebelwelt.net/files/23Oakland3.pdf /vulns/2023/2023-04-10-warpattack/
(source: https://github.com/twitter/the-algorithm/issues/1386) ]]> Mon, 10 Apr 2023 08:00:00 -0400 https://github.com/twitter/the-algorithm/issues/1386 /vulns/2023/2023-04-10-shadow-ban/
(source: https://www.canva.dev/blog/engineering/discovering-headroll-cve-2023-0704-in-chromium/) ]]> Thu, 06 Apr 2023 08:00:00 -0400 https://www.canva.dev/blog/engineering/discovering-headroll-cve-2023-0704-in-chromium/ /vulns/2023/2023-04-06-headroll/
(source: https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration) ]]> Thu, 30 Mar 2023 08:00:00 -0400 https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration /vulns/2023/2023-03-30-bingbang/
(source: https://q3k.org/wInd3x.html) ]]> Tue, 21 Mar 2023 08:00:00 -0400 https://q3k.org/wInd3x.html /vulns/2023/2023-03-21-wind3x/
(source: https://zengo.com/zengo-uncovers-security-vulnerabilities-in-popular-web3-transaction-simulation-solutions-the-red-pill-attack/) ]]> Tue, 21 Mar 2023 08:00:00 -0400 https://zengo.com/zengo-uncovers-security-vulnerabilities-in-popular-web3-transaction-simulation-solutions-the-red-pill-attack/ /vulns/2023/2023-03-21-red-pills-attack/
(source: https://acropalypse.info/) ]]> Sat, 18 Mar 2023 08:00:00 -0400 https://acropalypse.info/ /vulns/2023/2023-03-18-acropalypse/
(source: https://www.rnbo.gov.ua/files/%D0%9D%D0%9A%D0%A6%D0%9A/2023/APT28%20cyberattacks%20using%20the%20CVE-2023-23397%20vulnerability%20-%20report.pdf) ]]> Wed, 15 Mar 2023 08:00:00 -0400 https://www.rnbo.gov.ua/files/%D0%9D%D0%9A%D0%A6%D0%9A/2023/APT28%20cyberattacks%20using%20the%20CVE-2023-23397%20vulnerability%20-%20report.pdf /vulns/2023/2023-03-15-bad-appointment/
(source: https://mahaloz.re/2023/02/25/pwnagent-netgear.html) ]]> Wed, 08 Mar 2023 07:00:00 -0500 https://mahaloz.re/2023/02/25/pwnagent-netgear.html /vulns/2023/2023-03-08-pwnagent/
(source: https://www.aquasec.com/blog/jenkins-server-vulnerabilities/) ]]> Wed, 08 Mar 2023 07:00:00 -0500 https://www.aquasec.com/blog/jenkins-server-vulnerabilities/ /vulns/2023/2023-03-08-coreplague/
(source: https://kudelskisecurity.com/research/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears) ]]> Mon, 06 Mar 2023 07:00:00 -0500 https://kudelskisecurity.com/research/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears /vulns/2023/2023-03-06-polynonce/
(source: https://www.usenix.org/conference/usenixsecurity23/presentation/wang-zixuan) ]]> Sun, 05 Mar 2023 07:00:00 -0500 https://www.usenix.org/conference/usenixsecurity23/presentation/wang-zixuan /vulns/2023/2023-03-05-nvleak/
(source: https://github.com/SandboxEscaper/randomrepo/blob/master/Readfile.rar) ]]> Thu, 02 Mar 2023 07:00:00 -0500 https://github.com/SandboxEscaper/randomrepo/blob/master/Readfile.rar /vulns/2023/2023-03-02-readfile/
(source: https://github.com/SandboxEscaper/randomrepo/blob/master/angrypolarbearbug.rar) ]]> Thu, 02 Mar 2023 07:00:00 -0500 https://github.com/SandboxEscaper/randomrepo/blob/master/angrypolarbearbug.rar /vulns/2023/2023-03-02-angrypolarbearbug/
(source: https://web.archive.org/web/20230501000759/https://haqueers.com/@Rairii/109817927668949732) ]]> Mon, 06 Feb 2023 07:00:00 -0500 https://web.archive.org/web/20230501000759/https://haqueers.com/@Rairii/109817927668949732 /vulns/2023/2023-02-06-bitpixie/
(source: https://sh1mmer.me/) ]]> Mon, 30 Jan 2023 07:00:00 -0500 https://sh1mmer.me/ /vulns/2023/2023-01-30-sh1mmer/
(source: https://pentera.io/blog/vscalation-cve-2021-22015-local-privilege-escalation-in-vmware-vcenter-pentera-labs/) ]]> Sat, 28 Jan 2023 07:00:00 -0500 https://pentera.io/blog/vscalation-cve-2021-22015-local-privilege-escalation-in-vmware-vcenter-pentera-labs/ /vulns/2023/2023-01-28-vscalation/
(source: https://zt-chen.github.io/voltpillager/) ]]> Sat, 28 Jan 2023 07:00:00 -0500 https://zt-chen.github.io/voltpillager/ /vulns/2023/2023-01-28-voltpillager/
(source: http://voltjockey.com/) ]]> Sat, 28 Jan 2023 07:00:00 -0500 http://voltjockey.com/ /vulns/2023/2023-01-28-voltjockey/
(source: https://arxiv.org/pdf/2301.05538) ]]> Sat, 28 Jan 2023 07:00:00 -0500 https://arxiv.org/pdf/2301.05538 /vulns/2023/2023-01-28-pmfault/
(source: https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/) ]]> Sat, 28 Jan 2023 07:00:00 -0500 https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/ /vulns/2023/2023-01-28-evilesp/
(source: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf) ]]> Sat, 28 Jan 2023 07:00:00 -0500 https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf /vulns/2023/2023-01-28-clkscrew/
(source: https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users) ]]> Thu, 19 Jan 2023 07:00:00 -0500 https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users /vulns/2023/2023-01-19-sylkin/
(source: https://www.avanan.com/blog/sitecloak-page-obfuscation) ]]> Thu, 19 Jan 2023 07:00:00 -0500 https://www.avanan.com/blog/sitecloak-page-obfuscation /vulns/2023/2023-01-19-sitecloak/
(source: https://www.legitsecurity.com/blog/dos-via-software-supply-chain-innumerable-projects-exposed-to-a-markdown-library-vulnerability) ]]> Thu, 19 Jan 2023 07:00:00 -0500 https://www.legitsecurity.com/blog/dos-via-software-supply-chain-innumerable-projects-exposed-to-a-markdown-library-vulnerability /vulns/2023/2023-01-19-markdowntime/
(source: https://www.tenable.com/blog/Emoji-Deploy-Smile-Your-Azure-web-service-just-got-Rced) ]]> Thu, 19 Jan 2023 07:00:00 -0500 https://www.tenable.com/blog/Emoji-Deploy-Smile-Your-Azure-web-service-just-got-Rced /vulns/2023/2023-01-19-emojideploy/
(source: https://www.avanan.com/blog/the-blank-image-attack) ]]> Thu, 19 Jan 2023 07:00:00 -0500 https://www.avanan.com/blog/the-blank-image-attack /vulns/2023/2023-01-19-blank-image/
(source: https://www.localpotato.com/) ]]> Wed, 11 Jan 2023 07:00:00 -0500 https://www.localpotato.com/ /vulns/2023/2023-01-11-localpotato/
(source: https://github.com/PabloMK7/ENLBufferPwn) ]]> Sat, 31 Dec 2022 07:00:00 -0500 https://github.com/PabloMK7/ENLBufferPwn /vulns/2022/2022-12-31-enlbufferpwn/
(source: https://www.mnemonic.io/resources/blog/acsessed-cross-tenant-network-bypass-in-azure-cognitive-search/) ]]> Thu, 22 Dec 2022 07:00:00 -0500 https://www.mnemonic.io/resources/blog/acsessed-cross-tenant-network-bypass-in-azure-cognitive-search/ /vulns/2022/2022-12-22-acsessed/
(source: https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints/) ]]> Tue, 20 Dec 2022 07:00:00 -0500 https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints/ /vulns/2022/2022-12-20-blindside/
(source: https://www.willsroot.io/2022/12/entrybleed.html) ]]> Mon, 19 Dec 2022 07:00:00 -0500 https://www.willsroot.io/2022/12/entrybleed.html /vulns/2022/2022-12-19-entrybleed/
(source: https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/) ]]> Mon, 19 Dec 2022 07:00:00 -0500 https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/ /vulns/2022/2022-12-19-achilles/
(source: https://arxiv.org/pdf/2212.03520) ]]> Sat, 10 Dec 2022 07:00:00 -0500 https://arxiv.org/pdf/2212.03520 /vulns/2022/2022-12-10-covid-bit/
(source: https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/) ]]> Sat, 03 Dec 2022 07:00:00 -0500 https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/ /vulns/2022/2022-12-03-certpotato/
(source: https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql) ]]> Fri, 02 Dec 2022 07:00:00 -0500 https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql /vulns/2022/2022-12-02-hells-keychain/
(source: https://www.semperis.com/blog/syncjacking-azure-ad-account-takeover/) ]]> Sun, 27 Nov 2022 07:00:00 -0500 https://www.semperis.com/blog/syncjacking-azure-ad-account-takeover/ /vulns/2022/2022-11-27-syncjacking/
(source: https://www.computer.org/csdl/proceedings-article/sp/2023/933600a572/1OXGZUghEnm) ]]> Wed, 16 Nov 2022 07:00:00 -0500 https://www.computer.org/csdl/proceedings-article/sp/2023/933600a572/1OXGZUghEnm /vulns/2022/2022-11-16-pcspoof/
(source: https://x.com/wdormann/status/1590044005395357697) ]]> Sun, 13 Nov 2022 07:00:00 -0500 https://x.com/wdormann/status/1590044005395357697 /vulns/2022/2022-11-13-zippyreads/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/leeloo-multipath-authorization-bypass-and-symlink-attack-in-multipathd-cve-2022-41974-and-cve-2022-41973) ]]> Sun, 13 Nov 2022 07:00:00 -0500 https://blog.qualys.com/vulnerabilities-threat-research/2022/10/25/leeloo-multipath-authorization-bypass-and-symlink-attack-in-multipathd-cve-2022-41974-and-cve-2022-41973 /vulns/2022/2022-11-13-leeloo-multipath/
(source: https://dheatattack.com) ]]> Sun, 13 Nov 2022 07:00:00 -0500 https://dheatattack.com /vulns/2022/2022-11-13-dheat/
(source: https://rambo.codes/posts/2022-10-25-sirispy-ios-bug-allowed-apps-to-eavesdrop) ]]> Thu, 27 Oct 2022 08:00:00 -0400 https://rambo.codes/posts/2022-10-25-sirispy-ios-bug-allowed-apps-to-eavesdrop /vulns/2022/2022-10-27-sirispy/
(source: https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities) ]]> Tue, 25 Oct 2022 08:00:00 -0400 https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities /vulns/2022/2022-10-25-overlog/
(source: https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities) ]]> Tue, 25 Oct 2022 08:00:00 -0400 https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities /vulns/2022/2022-10-25-logcrusher/
(source: https://orca.security/resources/blog/fabrixss-vulnerability-azure-fabric-explorer/) ]]> Tue, 25 Oct 2022 08:00:00 -0400 https://orca.security/resources/blog/fabrixss-vulnerability-azure-fabric-explorer/ /vulns/2022/2022-10-25-fabrixss/
(source: https://blackhat.com/eu-22/briefings/schedule/#lcdpwn-breaking-enterprise-things-with-layer--discovery-protocol-vulnerabilities-again-29066) ]]> Thu, 20 Oct 2022 08:00:00 -0400 https://blackhat.com/eu-22/briefings/schedule/#lcdpwn-breaking-enterprise-things-with-layer--discovery-protocol-vulnerabilities-again-29066 /vulns/2022/2022-10-20-lcdpwn/
(source: https://blog.orange.tw/posts/2022-10-proxyrelay-a-new-attack-surface-on-ms-exchange-part-4/) ]]> Wed, 19 Oct 2022 08:00:00 -0400 https://blog.orange.tw/posts/2022-10-proxyrelay-a-new-attack-surface-on-ms-exchange-part-4/ /vulns/2022/2022-10-19-proxyrelay/
(source: https://x.com/pwntester/status/1582112787811434496?lang=fr) ]]> Mon, 17 Oct 2022 08:00:00 -0400 https://x.com/pwntester/status/1582112787811434496?lang=fr /vulns/2022/2022-10-17-text4shell/
(source: https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067) ]]> Mon, 17 Oct 2022 08:00:00 -0400 https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 /vulns/2022/2022-10-17-sandbreak/
(source: https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html) ]]> Sun, 02 Oct 2022 08:00:00 -0400 https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html /vulns/2022/2022-10-02-proxynotshell/
(source: https://sites.cs.ucsb.edu/~chris/research/doc/ndss17_boomerang.pdf) ]]> Mon, 26 Sep 2022 08:00:00 -0400 https://sites.cs.ucsb.edu/~chris/research/doc/ndss17_boomerang.pdf /vulns/2022/2022-09-26-boomerang/
(source: https://gynvael.coldwind.pl/?id=752) ]]> Sun, 25 Sep 2022 08:00:00 -0400 https://gynvael.coldwind.pl/?id=752 /vulns/2022/2022-09-25-crowbleed/
(source: https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords) ]]> Tue, 20 Sep 2022 08:00:00 -0400 https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords /vulns/2022/2022-09-20-spell-jacking/
(source: https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access) ]]> Tue, 20 Sep 2022 08:00:00 -0400 https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access /vulns/2022/2022-09-20-attachme/
(source: https://medium.com/@bobbyrsec/gifshell-covert-attack-chain-and-c2-utilizing-microsoft-teams-gifs-1618c4e64ed7) ]]> Fri, 09 Sep 2022 08:00:00 -0400 https://medium.com/@bobbyrsec/gifshell-covert-attack-chain-and-c2-utilizing-microsoft-teams-gifs-1618c4e64ed7 /vulns/2022/2022-09-09-gifshell/
(source: https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe) ]]> Tue, 23 Aug 2022 08:00:00 -0400 https://whereisk0shl.top/post/break-me-out-of-sandbox-in-old-pipe-cve-2022-22715-windows-dirty-pipe /vulns/2022/2022-08-23-windows-dirty-pipe/
(source: https://arxiv.org/pdf/2208.09975) ]]> Tue, 23 Aug 2022 08:00:00 -0400 https://arxiv.org/pdf/2208.09975 /vulns/2022/2022-08-23-etherled/
(source: https://zplin.me/papers/DirtyCred.pdf) ]]> Mon, 22 Aug 2022 08:00:00 -0400 https://zplin.me/papers/DirtyCred.pdf /vulns/2022/2022-08-22-dirtycred/
(source: https://stefangast.eu/papers/squip.pdf) ]]> Tue, 16 Aug 2022 08:00:00 -0400 https://stefangast.eu/papers/squip.pdf /vulns/2022/2022-08-16-squip/
(source: https://aepicleak.com/) ]]> Tue, 16 Aug 2022 08:00:00 -0400 https://aepicleak.com/ /vulns/2022/2022-08-16-aepic-leak/
(source: https://claroty.com/team82/research/evil-plc-attack-using-a-controller-as-predator-rather-than-prey) ]]> Mon, 15 Aug 2022 08:00:00 -0400 https://claroty.com/team82/research/evil-plc-attack-using-a-controller-as-predator-rather-than-prey /vulns/2022/2022-08-15-evil-plc/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Fri, 12 Aug 2022 08:00:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2022/2022-08-12-settings-flood/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Fri, 12 Aug 2022 08:00:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2022/2022-08-12-resource-loop/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Fri, 12 Aug 2022 08:00:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2022/2022-08-12-reset-flood/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Fri, 12 Aug 2022 08:00:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2022/2022-08-12-ping-flood/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md) ]]> Fri, 12 Aug 2022 08:00:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md /vulns/2022/2022-08-12-data-dribble/
(source: https://www.tripwire.com/state-of-security/zombie-poodle-goldendoodle) ]]> Thu, 11 Aug 2022 08:00:00 -0400 https://www.tripwire.com/state-of-security/zombie-poodle-goldendoodle /vulns/2022/2022-08-11-zombie-poodle/
(source: https://webexec.org/) ]]> Thu, 11 Aug 2022 08:00:00 -0400 https://webexec.org/ /vulns/2022/2022-08-11-webexec/
(source: https://www.tripwire.com/state-of-security/zombie-poodle-goldendoodle) ]]> Thu, 11 Aug 2022 08:00:00 -0400 https://www.tripwire.com/state-of-security/zombie-poodle-goldendoodle /vulns/2022/2022-08-11-goldendoodle/
(source: https://www.linkedin.com/posts/activity-6960990367269752832-oUrK) ]]> Thu, 04 Aug 2022 08:00:00 -0400 https://www.linkedin.com/posts/activity-6960990367269752832-oUrK /vulns/2022/2022-08-04-paracosme/
(source: https://www.oxeye.io/blog/golang-parameter-smuggling-attack) ]]> Tue, 02 Aug 2022 08:00:00 -0400 https://www.oxeye.io/blog/golang-parameter-smuggling-attack /vulns/2022/2022-08-02-parsethru/
(source: https://www.authomize.com/blog/okta-customers-risk-password-theft-impersonation-attacks/) ]]> Wed, 20 Jul 2022 08:00:00 -0400 https://www.authomize.com/blog/okta-customers-risk-password-theft-impersonation-attacks/ /vulns/2022/2022-07-20-passbleed/
(source: https://arxiv.org/abs/2207.07413) ]]> Mon, 18 Jul 2022 08:00:00 -0400 https://arxiv.org/abs/2207.07413 /vulns/2022/2022-07-18-satan/
(source: https://www.binarly.io/blog/firmwarebleed-the-industry-fails-to-adopt-return-stack-buffer-mitigations-in-smm) ]]> Mon, 18 Jul 2022 08:00:00 -0400 https://www.binarly.io/blog/firmwarebleed-the-industry-fails-to-adopt-return-stack-buffer-mitigations-in-smm /vulns/2022/2022-07-18-firmwarebleed/
(source: https://comsec.ethz.ch/research/microarch/retbleed/) ]]> Wed, 13 Jul 2022 08:00:00 -0400 https://comsec.ethz.ch/research/microarch/retbleed/ /vulns/2022/2022-07-13-retbleed/
(source: https://rollingpwn.github.io/rolling-pwn/) ]]> Tue, 12 Jul 2022 08:00:00 -0400 https://rollingpwn.github.io/rolling-pwn/ /vulns/2022/2022-07-12-rolling-pwn/
(source: https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/) ]]> Wed, 29 Jun 2022 08:00:00 -0400 https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/ /vulns/2022/2022-06-29-fabricscape/
(source: https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2) ]]> Thu, 23 Jun 2022 08:00:00 -0400 https://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2 /vulns/2022/2022-06-23-the-miracle-exploit/
(source: https://www.forescout.com/research-labs/ot-icefall/) ]]> Tue, 21 Jun 2022 08:00:00 -0400 https://www.forescout.com/research-labs/ot-icefall/ /vulns/2022/2022-06-21-ot-icefall/
(source: https://www.halborn.com/disclosures/demonic-vulnerability) ]]> Mon, 20 Jun 2022 08:00:00 -0400 https://www.halborn.com/disclosures/demonic-vulnerability /vulns/2022/2022-06-20-demonic/
(source: https://www.hertzbleed.com/) ]]> Wed, 15 Jun 2022 08:00:00 -0400 https://www.hertzbleed.com/ /vulns/2022/2022-06-15-hertzbleed/
(source: https://gynvael.coldwind.pl/?id=748) ]]> Mon, 13 Jun 2022 08:00:00 -0400 https://gynvael.coldwind.pl/?id=748 /vulns/2022/2022-06-13-screams-of-power/
(source: https://pacmanattack.com/) ]]> Fri, 10 Jun 2022 08:00:00 -0400 https://pacmanattack.com/ /vulns/2022/2022-06-10-pacman/
(source: https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd) ]]> Wed, 08 Jun 2022 08:00:00 -0400 https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd /vulns/2022/2022-06-08-dogwalk/
(source: https://x.com/nao_sec/status/1530196847679401984) ]]> Mon, 30 May 2022 08:00:00 -0400 https://x.com/nao_sec/status/1530196847679401984 /vulns/2022/2022-05-30-follina/
(source: https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai) ]]> Fri, 27 May 2022 08:00:00 -0400 https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai /vulns/2022/2022-05-27-ghosttouch/
(source: https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/) ]]> Thu, 26 May 2022 08:00:00 -0400 https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/ /vulns/2022/2022-05-26-pantsdown/
(source: https://project-zero.issues.chromium.org/issues/42451378) ]]> Wed, 25 May 2022 08:00:00 -0400 https://project-zero.issues.chromium.org/issues/42451378 /vulns/2022/2022-05-25-xmpp-stanza-smuggling/
(source: https://ics-cert.kaspersky.com/publications/reports/2022/05/23/isapwn-research-on-the-security-of-isagraf-runtime/) ]]> Mon, 23 May 2022 08:00:00 -0400 https://ics-cert.kaspersky.com/publications/reports/2022/05/23/isapwn-research-on-the-security-of-isagraf-runtime/ /vulns/2022/2022-05-23-isapwn/
(source: https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/) ]]> Fri, 20 May 2022 08:00:00 -0400 https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/ /vulns/2022/2022-05-20-cratedepression/
(source: https://www.catalyst.net.nz/blog/stay-curious-lessons-doller-ticket-security-issue) ]]> Mon, 16 May 2022 08:00:00 -0400 https://www.catalyst.net.nz/blog/stay-curious-lessons-doller-ticket-security-issue /vulns/2022/2022-05-16-doller-ticket/
(source: https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4) ]]> Wed, 11 May 2022 08:00:00 -0400 https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4 /vulns/2022/2022-05-11-certifried/
(source: https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/) ]]> Tue, 10 May 2022 08:00:00 -0400 https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/ /vulns/2022/2022-05-10-synlapse/
(source: https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/) ]]> Tue, 03 May 2022 15:27:00 -0400 https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/ /vulns/2022/2022-05-03-tlstorm-2/
(source: https://www.prefetchers.info/) ]]> Sun, 01 May 2022 08:00:00 -0400 https://www.prefetchers.info/ /vulns/2022/2022-05-01-augury/
(source: https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql) ]]> Thu, 28 Apr 2022 08:00:00 -0400 https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql /vulns/2022/2022-04-28-extrareplica/
(source: https://www.aquasec.com/blog/npm-package-planting/) ]]> Wed, 27 Apr 2022 08:00:00 -0400 https://www.aquasec.com/blog/npm-package-planting/ /vulns/2022/2022-04-27-package-planting/
(source: https://www.microsoft.com/en-us/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/) ]]> Wed, 27 Apr 2022 08:00:00 -0400 https://www.microsoft.com/en-us/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ /vulns/2022/2022-04-27-nimbuspwn/
(source: https://blackhat.com/asia-22/briefings/schedule/#explosion-the-hidden-mines-in-the-android-ion-driver-25848) ]]> Sun, 24 Apr 2022 08:00:00 -0400 https://blackhat.com/asia-22/briefings/schedule/#explosion-the-hidden-mines-in-the-android-ion-driver-25848 /vulns/2022/2022-04-24-explosion/
(source: https://zipperdown.org/) ]]> Fri, 22 Apr 2022 08:00:00 -0400 https://zipperdown.org/ /vulns/2022/2022-04-22-zipperdown/
(source: https://promon.io/resources/downloads/strandhogg-2-0-new-serious-android-vulnerability) ]]> Fri, 22 Apr 2022 08:00:00 -0400 https://promon.io/resources/downloads/strandhogg-2-0-new-serious-android-vulnerability /vulns/2022/2022-04-22-strandhogg-2/
(source: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/) ]]> Thu, 21 Apr 2022 08:00:00 -0400 https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ /vulns/2022/2022-04-21-psychic-signatures/
(source: https://blog.checkpoint.com/security/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/) ]]> Thu, 21 Apr 2022 08:00:00 -0400 https://blog.checkpoint.com/security/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/ /vulns/2022/2022-04-21-alhack/
(source: https://www.cynerio.com/jekyllbot-5-command-center) ]]> Wed, 13 Apr 2022 08:00:00 -0400 https://www.cynerio.com/jekyllbot-5-command-center /vulns/2022/2022-04-13-jekyllbot-5/
(source: https://blog.trailofbits.com/2022/04/13/part-1-coordinated-disclosure-of-vulnerabilities-affecting-girault-bulletproofs-and-plonk/) ]]> Wed, 13 Apr 2022 08:00:00 -0400 https://blog.trailofbits.com/2022/04/13/part-1-coordinated-disclosure-of-vulnerabilities-affecting-girault-bulletproofs-and-plonk/ /vulns/2022/2022-04-13-frozen-heart/
(source: https://www.notgitbleed.com/) ]]> Tue, 12 Apr 2022 08:00:00 -0400 https://www.notgitbleed.com/ /vulns/2022/2022-04-12-notgitbleed/
(source: https://www.brokenwire.fail/) ]]> Mon, 04 Apr 2022 08:00:00 -0400 https://www.brokenwire.fail/ /vulns/2022/2022-04-04-brokenwire/ Wed, 30 Mar 2022 08:00:00 -0400 https://vulnerability.garden /vulns/2022/2022-03-30-spring4shell/
(source: https://docs.ssh-mitm.at/user_guide/trivialauth.html) ]]> Tue, 22 Mar 2022 08:00:00 -0400 https://docs.ssh-mitm.at/user_guide/trivialauth.html /vulns/2021/2021-03-22-trivial-authentication/
(source: https://kb.mazebolt.com/knowledgebase/tors-hammer-attack/) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://kb.mazebolt.com/knowledgebase/tors-hammer-attack/ /vulns/2022/2022-03-21-tors-hammer/
(source: http://www.mitls.org/pages/attacks/SLOTH) ]]> Mon, 21 Mar 2022 08:00:00 -0400 http://www.mitls.org/pages/attacks/SLOTH /vulns/2022/2022-03-21-sloth/
(source: https://sha-mbles.github.io) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://sha-mbles.github.io /vulns/2022/2022-03-21-shambles/
(source: https://www.mitls.org/pages/attacks/SMACK#freak) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://www.mitls.org/pages/attacks/SMACK#freak /vulns/2022/2022-03-21-freak/
(source: https://media.blackhat.com/eu-13/briefings/Beery/bh-eu-13-a-perfect-crime-beery-wp.pdf) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://media.blackhat.com/eu-13/briefings/Beery/bh-eu-13-a-perfect-crime-beery-wp.pdf /vulns/2022/2022-03-21-crime-time/
(source: http://www.mitls.org/pages/attacks/VHC) ]]> Mon, 21 Mar 2022 08:00:00 -0400 http://www.mitls.org/pages/attacks/VHC /vulns/2022/2022-03-21-cookie-cutter/
(source: https://blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf /vulns/2022/2022-03-21-cloudburst/
(source: https://mrd0x.com/browser-in-the-browser-phishing-attack/) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://mrd0x.com/browser-in-the-browser-phishing-attack/ /vulns/2022/2022-03-21-browser-in-the-browser/
(source: https://breachattack.com) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://breachattack.com /vulns/2022/2022-03-21-breach/
(source: https://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf /vulns/2022/2022-03-21-bleichenbacher/
(source: https://www.mitls.org/pages/attacks/Alert) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://www.mitls.org/pages/attacks/Alert /vulns/2022/2022-03-21-alert/
(source: https://www.mitls.org/pages/attacks/3SHAKE) ]]> Mon, 21 Mar 2022 08:00:00 -0400 https://www.mitls.org/pages/attacks/3SHAKE /vulns/2022/2022-03-21-3shake/
(source: http://shattered.io) ]]> Fri, 18 Mar 2022 08:00:00 -0400 http://shattered.io /vulns/2022/2022-03-18-shattered/
(source: https://www.usenix.org/conference/raid2020/presentation/bhattacharyya) ]]> Thu, 17 Mar 2022 08:00:00 -0400 https://www.usenix.org/conference/raid2020/presentation/bhattacharyya /vulns/2022/2022-03-17-specrop/
(source: https://www.crowdstrike.com/en-us/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/) ]]> Wed, 16 Mar 2022 08:00:00 -0400 https://www.crowdstrike.com/en-us/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/ /vulns/2022/2022-03-16-cr8escape/
(source: https://www.microsoft.com/en-us/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/) ]]> Wed, 16 Mar 2022 08:00:00 -0400 https://www.microsoft.com/en-us/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/ /vulns/2022/2022-01-10-powerdir/
(source: https://www.vusec.net/projects/bhi-spectre-bhb/) ]]> Thu, 10 Mar 2022 07:00:00 -0500 https://www.vusec.net/projects/bhi-spectre-bhb/ /vulns/2022/2022-03-10-branch-history-injection/
(source: https://www.akamai.com/blog/security/phone-home-ddos-attack-vector) ]]> Wed, 09 Mar 2022 07:00:00 -0500 https://www.akamai.com/blog/security/phone-home-ddos-attack-vector /vulns/2022/2022-03-09-tp240phonehome/
(source: https://www.armis.com/research/tlstorm/) ]]> Wed, 09 Mar 2022 07:00:00 -0500 https://www.armis.com/research/tlstorm/ /vulns/2022/2022-03-09-tlstorm/
(source: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/) ]]> Tue, 08 Mar 2022 07:00:00 -0500 https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ /vulns/2022/2022-03-08-autowarp/
(source: https://www.forescout.com/research-labs/access7/) ]]> Tue, 08 Mar 2022 07:00:00 -0500 https://www.forescout.com/research-labs/access7/ /vulns/2022/2022-03-08-access7/
(source: https://dirtypipe.cm4all.com/) ]]> Mon, 07 Mar 2022 07:00:00 -0500 https://dirtypipe.cm4all.com/ /vulns/2022/2022-03-07-dirty-pipe/
(source: https://research.ece.ncsu.edu/aaysu/wp-content/uploads/DATE_2022_camera_ready_file.pdf) ]]> Thu, 03 Mar 2022 07:00:00 -0500 https://research.ece.ncsu.edu/aaysu/wp-content/uploads/DATE_2022_camera_ready_file.pdf /vulns/2022/2022-03-03-reveal/
(source: https://blackhat.com/docs/us-16/materials/us-16-Kotler-Crippling-HTTPS-With-Unholy-PAC.pdf) ]]> Tue, 01 Mar 2022 07:00:00 -0500 https://blackhat.com/docs/us-16/materials/us-16-Kotler-Crippling-HTTPS-With-Unholy-PAC.pdf /vulns/2022/2022-03-01-unholy-PAC/
(source: https://www.isg.rhul.ac.uk/tls/TLStiming.pdf) ]]> Tue, 01 Mar 2022 07:00:00 -0500 https://www.isg.rhul.ac.uk/tls/TLStiming.pdf /vulns/2022/2022-03-01-lucky-thirteen/
(source: https://www.semperis.com/blog/golden-gmsa-attack/) ]]> Tue, 01 Mar 2022 07:00:00 -0500 https://www.semperis.com/blog/golden-gmsa-attack/ /vulns/2022/2022-03-01-golden-gmsa-attack/
(source: https://tonyarcieri.com/cream-the-scary-ssl-attack-youve-probably-never-heard-of) ]]> Tue, 01 Mar 2022 07:00:00 -0500 https://tonyarcieri.com/cream-the-scary-ssl-attack-youve-probably-never-heard-of /vulns/2022/2022-03-01-cream/
(source: https://project-zero.issues.chromium.org/issues/42450151) ]]> Tue, 01 Mar 2022 07:00:00 -0500 https://project-zero.issues.chromium.org/issues/42450151 /vulns/2022/2022-03-01-cloudbleed/ Tue, 01 Mar 2022 07:00:00 -0500 https://vulnerability.garden /vulns/2022/2022-03-01-berserk/
(source: https://sparkes.zone/blog/ios/2019/04/30/machswap-ios-12-kernel-exploit.html) ]]> Mon, 28 Feb 2022 07:00:00 -0500 https://sparkes.zone/blog/ios/2019/04/30/machswap-ios-12-kernel-exploit.html /vulns/2022/2022-02-28-machswap/
(source: https://research.nccgroup.com/2022/02/28/brokenprint-a-netgear-stack-overflow/) ]]> Mon, 28 Feb 2022 07:00:00 -0500 https://research.nccgroup.com/2022/02/28/brokenprint-a-netgear-stack-overflow/ /vulns/2022/2022-02-28-brokenprint/
(source: https://sutcliffe.it/posts/my_first_vuln/) ]]> Mon, 21 Feb 2022 07:00:00 -0500 https://sutcliffe.it/posts/my_first_vuln/ /vulns/2022/2022-02-21-talkative-marmot/
(source: https://www.microsoft.com/en-us/security/blog/2022/02/16/ice-phishing-on-the-blockchain/) ]]> Fri, 18 Feb 2022 07:00:00 -0500 https://www.microsoft.com/en-us/security/blog/2022/02/16/ice-phishing-on-the-blockchain/ /vulns/2022/2022-02-18-ice-phishing/
(source: https://www.saurik.com/optimism.html) ]]> Tue, 15 Feb 2022 07:00:00 -0500 https://www.saurik.com/optimism.html /vulns/2022/2022-02-15-unbridled-optimism/
(source: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/) ]]> Fri, 11 Feb 2022 07:00:00 -0500 https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/ /vulns/2022/2022-02-11-gitbleed/
(source: https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81) ]]> Tue, 08 Feb 2022 07:00:00 -0500 https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81 /vulns/2022/2022-02-08-spoolfool/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034) ]]> Tue, 25 Jan 2022 07:00:00 -0500 https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 /vulns/2022/2022-01-25-pwnkit/
(source: https://orca.security/resources/blog/aws-glue-vulnerability/) ]]> Fri, 14 Jan 2022 07:00:00 -0500 https://orca.security/resources/blog/aws-glue-vulnerability/ /vulns/2022/2022-01-14-superglue/
(source: https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/) ]]> Wed, 05 Jan 2022 07:00:00 -0500 https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/ /vulns/2022/2022-01-05-noreboot/
(source: https://www.reddit.com/r/sysadmin/comments/rt91z6/comment/hqrnefz/) ]]> Sat, 01 Jan 2022 07:00:00 -0500 https://www.reddit.com/r/sysadmin/comments/rt91z6/comment/hqrnefz/ /vulns/2022/2022-01-01-y2k22/
(source: https://trevorspiniolas.com/doorlock/doorlock.html) ]]> Sat, 01 Jan 2022 07:00:00 -0500 https://trevorspiniolas.com/doorlock/doorlock.html /vulns/2022/2022-01-01-doorlock/
(source: https://www.wiz.io/blog/azure-app-service-source-code-leak) ]]> Mon, 27 Dec 2021 07:00:00 -0500 https://www.wiz.io/blog/azure-app-service-source-code-leak /vulns/2021/2021-12-27-notlegit/
(source: https://i.blackhat.com/USA-20/Thursday/us-20-Classen-Spectra-Breaking-Separation-Between-Wireless-Chips.pdf) ]]> Thu, 16 Dec 2021 07:00:00 -0500 https://i.blackhat.com/USA-20/Thursday/us-20-Classen-Spectra-Breaking-Separation-Between-Wireless-Chips.pdf /vulns/2021/2021-12-16-spectra/
(source: https://twitter.com/P0rZ9/status/1468949890571337731) ]]> Fri, 10 Dec 2021 07:00:00 -0500 https://twitter.com/P0rZ9/status/1468949890571337731 /vulns/2021/2021-12-10-log4shell/
(source: https://xsleaks.dev/) ]]> Fri, 03 Dec 2021 07:00:00 -0500 https://xsleaks.dev/ /vulns/2021/2021-12-03-xs-leaks/
(source: https://project-zero.issues.chromium.org/issues/42451359) ]]> Thu, 02 Dec 2021 07:00:00 -0500 https://project-zero.issues.chromium.org/issues/42451359 /vulns/2021/2021-12-02-bigsig/
(source: https://labs.f-secure.com/publications/printing-shellz) ]]> Tue, 30 Nov 2021 07:00:00 -0500 https://labs.f-secure.com/publications/printing-shellz /vulns/2021/2021-11-30-printing-shellz/
(source: https://github.com/klinix5/InstallerFileTakeOver) ]]> Sun, 28 Nov 2021 07:00:00 -0500 https://github.com/klinix5/InstallerFileTakeOver /vulns/2021/2021-11-28-installerfiletakeover/
(source: https://www.netspi.com/blog/technical-blog/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/) ]]> Thu, 18 Nov 2021 07:00:00 -0500 https://www.netspi.com/blog/technical-blog/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/ /vulns/2022/2022-11-18-credmanifest/
(source: https://www.forescout.com/research-labs/nucleus-13/) ]]> Tue, 09 Nov 2021 07:00:00 -0500 https://www.forescout.com/research-labs/nucleus-13/ /vulns/2021/2021-11-09-nucleus-13/
(source: https://movaxbx.ru/2021/11/04/blue-klotski-cve-2021-3573-and-the-story-for-fixing/) ]]> Thu, 04 Nov 2021 08:00:00 -0400 https://movaxbx.ru/2021/11/04/blue-klotski-cve-2021-3573-and-the-story-for-fixing/ /vulns/2021/2021-11-04-blue-klotski/
(source: https://trojansource.codes/) ]]> Mon, 01 Nov 2021 08:00:00 -0400 https://trojansource.codes/ /vulns/2021/2021-11-01-trojan-source/
(source: https://www.microsoft.com/en-us/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/) ]]> Thu, 28 Oct 2021 08:00:00 -0400 https://www.microsoft.com/en-us/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/ /vulns/2021/2021-10-28-shrootless/
(source: https://arxiv.org/pdf/2110.10129) ]]> Mon, 25 Oct 2021 08:00:00 -0400 https://arxiv.org/pdf/2110.10129 /vulns/2021/2021-10-25-gummy-browsers/
(source: https://www.kaspersky.com/blog/mysterysnail-cve-2021-40449/42448/) ]]> Mon, 25 Oct 2021 08:00:00 -0400 https://www.kaspersky.com/blog/mysterysnail-cve-2021-40449/42448/ /vulns/2021/2021-10-25-callbackhell/
(source: https://jasonyu1996.github.io/SmashEx/) ]]> Wed, 20 Oct 2021 08:00:00 -0400 https://jasonyu1996.github.io/SmashEx/ /vulns/2021/2021-10-20-smashex/
(source: https://arxiv.org/pdf/2110.00104) ]]> Thu, 14 Oct 2021 08:00:00 -0400 https://arxiv.org/pdf/2110.00104 /vulns/2021/2021-10-14-lantenna/
(source: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure) ]]> Mon, 13 Sep 2021 08:00:00 -0400 https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure /vulns/2021/2021-09-14-omigod/
(source: https://citizenlab.ca/research/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/) ]]> Mon, 13 Sep 2021 08:00:00 -0400 https://citizenlab.ca/research/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ /vulns/2021/2021-09-14-forcedentry/
(source: https://www.spookjs.com/) ]]> Mon, 13 Sep 2021 08:00:00 -0400 https://www.spookjs.com/ /vulns/2021/2021-09-13-spookjs/
(source: https://unit42.paloaltonetworks.com/azure-container-instances/) ]]> Thu, 09 Sep 2021 08:00:00 -0400 https://unit42.paloaltonetworks.com/azure-container-instances/ /vulns/2021/2021-09-09-azurescape/
(source: https://gynvael.coldwind.pl/?id=742) ]]> Mon, 06 Sep 2021 08:00:00 -0400 https://gynvael.coldwind.pl/?id=742 /vulns/2021/2021-09-06-seventh-inferno/
(source: https://gynvael.coldwind.pl/?id=741) ]]> Mon, 06 Sep 2021 08:00:00 -0400 https://gynvael.coldwind.pl/?id=741 /vulns/2021/2021-09-06-draconian-fear/
(source: https://gynvael.coldwind.pl/?id=740) ]]> Mon, 06 Sep 2021 08:00:00 -0400 https://gynvael.coldwind.pl/?id=740 /vulns/2021/2021-09-06-demons-cries/
(source: https://asset-group.github.io/disclosures/sweyntooth/) ]]> Fri, 03 Sep 2021 08:00:00 -0400 https://asset-group.github.io/disclosures/sweyntooth/ /vulns/2021/2021-09-03-sweyntooth/
(source: https://asset-group.github.io/disclosures/braktooth/) ]]> Fri, 03 Sep 2021 08:00:00 -0400 https://asset-group.github.io/disclosures/braktooth/ /vulns/2021/2021-09-03-braktooth/
(source: https://arxiv.org/abs/2108.12161) ]]> Wed, 01 Sep 2021 08:00:00 -0400 https://arxiv.org/abs/2108.12161 /vulns/2021/2021-09-01-sparrow/
(source: https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server) ]]> Mon, 30 Aug 2021 08:00:00 -0400 https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server /vulns/2021/2021-08-30-proxytoken/
(source: https://chaosdb.wiz.io) ]]> Thu, 26 Aug 2021 08:00:00 -0400 https://chaosdb.wiz.io /vulns/2021/2021-08-26-chaosdb/
(source: http://blog.senr.io/devilsivy.html) ]]> Mon, 16 Aug 2021 08:00:00 -0400 http://blog.senr.io/devilsivy.html /vulns/2021/2021-08-16-devils-ivy/
(source: https://www.nassiben.com/glowworm-attack) ]]> Fri, 13 Aug 2021 08:00:00 -0400 https://www.nassiben.com/glowworm-attack /vulns/2021/2021-08-14-glowworm-attack/
(source: https://www.spinics.net/lists/netdev/msg514742.html) ]]> Mon, 09 Aug 2021 08:00:00 -0400 https://www.spinics.net/lists/netdev/msg514742.html /vulns/2021/2021-08-09-segmentsmack/ Mon, 09 Aug 2021 08:00:00 -0400 https://vulnerability.garden /vulns/2021/2021-08-09-fragmentsmack/
(source: https://blog.orange.tw/posts/2021-08-proxyshell-a-new-attack-surface-on-ms-exchange-part-3/) ]]> Fri, 06 Aug 2021 08:00:00 -0400 https://blog.orange.tw/posts/2021-08-proxyshell-a-new-attack-surface-on-ms-exchange-part-3/ /vulns/2021/2021-08-06-proxyshell/
(source: https://blog.orange.tw/posts/2021-08-proxyoracle-a-new-attack-surface-on-ms-exchange-part-2/) ]]> Fri, 06 Aug 2021 08:00:00 -0400 https://blog.orange.tw/posts/2021-08-proxyoracle-a-new-attack-surface-on-ms-exchange-part-2/ /vulns/2021/2021-08-06-proxyoracle/
(source: https://www.sentinelone.com/labs/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/) ]]> Thu, 05 Aug 2021 08:00:00 -0400 https://www.sentinelone.com/labs/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/ /vulns/2021/2021-08-05-hotcobalt/
(source: https://www.forescout.com/research-labs/infra-halt/) ]]> Wed, 04 Aug 2021 08:00:00 -0400 https://www.forescout.com/research-labs/infra-halt/ /vulns/2021/2021-08-04-infra-halt/
(source: https://www.armis.com/research/pwnedpiper) ]]> Mon, 02 Aug 2021 08:00:00 -0400 https://www.armis.com/research/pwnedpiper /vulns/2021/2021-08-02-pwnedpiper/
(source: https://github.com/topotam/PetitPotam?tab=readme-ov-file) ]]> Mon, 26 Jul 2021 08:00:00 -0400 https://github.com/topotam/PetitPotam?tab=readme-ov-file /vulns/2021/2021-07-26-petitpotam/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909) ]]> Wed, 21 Jul 2021 08:00:00 -0400 https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909 /vulns/2021/2021-07-21-sequoia/ Wed, 21 Jul 2021 08:00:00 -0400 https://vulnerability.garden /vulns/2021/2021-07-21-hivenightmare/
(source: https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/) ]]> Sun, 18 Jul 2021 08:00:00 -0400 https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/ /vulns/2021/2021-07-18-wifidemon/
(source: https://www.armis.com/research/modipwn/) ]]> Tue, 13 Jul 2021 08:00:00 -0400 https://www.armis.com/research/modipwn/ /vulns/2021/2021-07-13-modipwn/
(source: https://onapsis.com/recon-sap-cyber-security-vulnerability) ]]> Sun, 11 Jul 2021 08:00:00 -0400 https://onapsis.com/recon-sap-cyber-security-vulnerability /vulns/2021/2021-07-11-recon/
(source: https://github.com/zkenjar/v0ltpwn) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://github.com/zkenjar/v0ltpwn /vulns/2021/2021-06-28-v0ltpwn/
(source: https://trmm.net/Thunderstrike/) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://trmm.net/Thunderstrike/ /vulns/2021/2021-06-28-thunderstrike/
(source: https://trmm.net/Thunderstrike_2/) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://trmm.net/Thunderstrike_2/ /vulns/2021/2021-06-28-thunderstrike-2/
(source: https://archive.conference.hitb.org/hitbsecconf2014kul/wp-content/uploads/2014/08/HITB2014KUL-SENTER-Sandman.pdf) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://archive.conference.hitb.org/hitbsecconf2014kul/wp-content/uploads/2014/08/HITB2014KUL-SENTER-Sandman.pdf /vulns/2021/2021-06-28-senter-sandman/
(source: https://sepiocyber.com/blog/evil-maid-attack/) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://sepiocyber.com/blog/evil-maid-attack/ /vulns/2021/2021-06-28-evil-maid/
(source: https://arxiv.org/abs/2002.08437) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://arxiv.org/abs/2002.08437 /vulns/2021/2021-06-28-copycat/
(source: https://blog.exodusintel.com/2017/07/26/broadpwn/) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://blog.exodusintel.com/2017/07/26/broadpwn/ /vulns/2021/2021-06-28-broadpwn/
(source: https://www.cs.ucr.edu/~nael/pubs/asplos18.pdf) ]]> Mon, 28 Jun 2021 08:00:00 -0400 https://www.cs.ucr.edu/~nael/pubs/asplos18.pdf /vulns/2021/2021-06-28-branchscope/
(source: https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack) ]]> Wed, 16 Jun 2021 08:00:00 -0400 https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack /vulns/2021/2021-06-16-process-ghosting/
(source: https://codecolor.ist/mistune/) ]]> Tue, 15 Jun 2021 08:00:00 -0400 https://codecolor.ist/mistune/ /vulns/2021/2021-06-15-mistune/
(source: https://support.lenovo.com/us/en/product_security/ps500035-superfish-vulnerability) ]]> Fri, 11 Jun 2021 08:00:00 -0400 https://support.lenovo.com/us/en/product_security/ps500035-superfish-vulnerability /vulns/2021/2021-06-11-superfish/
(source: https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Security%20Update%2008%20June%202020/Straight-line_Speculation-v1.0.pdf?revision=d7a69e60-1bb0-4dc0-b929-3685021e782a) ]]> Fri, 11 Jun 2021 08:00:00 -0400 https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Security%20Update%2008%20June%202020/Straight-line_Speculation-v1.0.pdf?revision=d7a69e60-1bb0-4dc0-b929-3685021e782a /vulns/2021/2021-06-11-sls/
(source: https://windows-internals.com/faxing-your-way-to-system/) ]]> Fri, 11 Jun 2021 08:00:00 -0400 https://windows-internals.com/faxing-your-way-to-system/ /vulns/2021/2021-06-11-faxhell/
(source: https://ofirarkin.wordpress.com/wp-content/uploads/2008/11/atstake_etherleak_report.pdf) ]]> Thu, 10 Jun 2021 08:00:00 -0400 https://ofirarkin.wordpress.com/wp-content/uploads/2008/11/atstake_etherleak_report.pdf /vulns/2021/2021-06-10-etherleak/
(source: https://alpaca-attack.com) ]]> Thu, 10 Jun 2021 08:00:00 -0400 https://alpaca-attack.com /vulns/2021/2021-06-10-alpaca/
(source: https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf) ]]> Sun, 06 Jun 2021 08:00:00 -0400 https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf /vulns/2021/2021-06-06-koffee/
(source: https://x.com/shreyapohekar/status/1397969799305592832) ]]> Thu, 27 May 2021 08:00:00 -0400 https://x.com/shreyapohekar/status/1397969799305592832 /vulns/2021/2021-05-27-failstrike/
(source: https://m1racles.com/) ]]> Wed, 26 May 2021 08:00:00 -0400 https://m1racles.com/ /vulns/2021/2021-05-26-m1racles/
(source: https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html) ]]> Wed, 26 May 2021 08:00:00 -0400 https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html /vulns/2021/2021-05-26-half-double/
(source: https://www.fragattacks.com/) ]]> Wed, 12 May 2021 08:00:00 -0400 https://www.fragattacks.com/ /vulns/2021/2021-05-12-fragattacks/
(source: https://tsuname.io/) ]]> Sun, 09 May 2021 08:00:00 -0400 https://tsuname.io/ /vulns/2021/2021-05-09-tsuname/
(source: https://axelp.io/MouseTrap) ]]> Sun, 09 May 2021 08:00:00 -0400 https://axelp.io/MouseTrap /vulns/2021/2021-05-09-mousetrap/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server) ]]> Wed, 05 May 2021 08:00:00 -0400 https://blog.qualys.com/vulnerabilities-threat-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server /vulns/2021/2021-05-05-21nails/
(source: https://www.microsoft.com/en-us/msrc/blog/2021/04/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks) ]]> Fri, 30 Apr 2021 08:00:00 -0400 https://www.microsoft.com/en-us/msrc/blog/2021/04/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks /vulns/2021/2021-04-30-badalloc/
(source: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/) ]]> Thu, 29 Apr 2021 08:00:00 -0400 https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/ /vulns/2021/2021-04-29-rotten-potato/
(source: https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/) ]]> Thu, 15 Apr 2021 08:00:00 -0400 https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mechanics-of-a-packet-of-the-death-cve-2021-24086/ /vulns/2021/2021-04-15-packet-of-the-death/
(source: https://www.vusec.net/projects/smash/) ]]> Wed, 14 Apr 2021 08:00:00 -0400 https://www.vusec.net/projects/smash/ /vulns/2021/2021-04-14-smash/
(source: https://shenaniganslabs.io/2021/04/13/Airstrike.html) ]]> Wed, 14 Apr 2021 08:00:00 -0400 https://shenaniganslabs.io/2021/04/13/Airstrike.html /vulns/2021/2021-04-14-airstrike-attack/
(source: https://www.forescout.com/research-labs/namewreck/) ]]> Tue, 13 Apr 2021 08:00:00 -0400 https://www.forescout.com/research-labs/namewreck/ /vulns/2021/2021-04-13-name-wreck/
(source: https://leethax0.rs/2021/04/ElectricChrome/) ]]> Tue, 13 Apr 2021 08:00:00 -0400 https://leethax0.rs/2021/04/ElectricChrome/ /vulns/2021/2021-04-13-electric-chrome/
(source: https://www.forescout.com/research-labs/amnesia33/) ]]> Tue, 13 Apr 2021 08:00:00 -0400 https://www.forescout.com/research-labs/amnesia33/ /vulns/2021/2021-04-13-amnesia-33/
(source: https://nebelwelt.net/blog/20190306-SMoTherSpectre.html) ]]> Sun, 11 Apr 2021 08:00:00 -0400 https://nebelwelt.net/blog/20190306-SMoTherSpectre.html /vulns/2021/2021-04-11-smotherspectre/
(source: https://www.smacktls.com#skip) ]]> Sun, 21 Mar 2021 08:00:00 -0400 https://www.smacktls.com#skip /vulns/2021/2021-03-21-skip-tls/
(source: https://proxylogon.com/) ]]> Fri, 12 Mar 2021 07:00:00 -0500 https://proxylogon.com/ /vulns/2021/2021-03-12-proxylogon/
(source: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf) ]]> Tue, 23 Feb 2021 07:00:00 -0500 https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf /vulns/2021/2021-02-23-shadow-attacks/
(source: https://www.forescout.com/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks/) ]]> Fri, 12 Feb 2021 07:00:00 -0500 https://www.forescout.com/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks/ /vulns/2021/2021-02-12-number-jack/
(source: https://learn.microsoft.com/en-us/answers/questions/830233/patch-to-fix-printnightmare-vulnerability) ]]> Fri, 29 Jan 2021 07:00:00 -0500 https://learn.microsoft.com/en-us/answers/questions/830233/patch-to-fix-printnightmare-vulnerability /vulns/2021/2021-01-29-printnightmare/
(source: https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit) ]]> Wed, 27 Jan 2021 07:00:00 -0500 https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit /vulns/2021/2021-01-27-baron-samedit/
(source: https://medium.com/@baronyogev/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08) ]]> Fri, 22 Jan 2021 07:00:00 -0500 https://medium.com/@baronyogev/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08 /vulns/2021/2021-01-22-kindledrip/
(source: https://www.ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792) ]]> Wed, 20 Jan 2021 07:00:00 -0500 https://www.ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792 /vulns/2021/2021-01-20-shazlocate/
(source: https://www.jsof-tech.com/disclosures/dnspooq/) ]]> Tue, 19 Jan 2021 07:00:00 -0500 https://www.jsof-tech.com/disclosures/dnspooq/ /vulns/2021/2021-01-19-dnspooq/
(source: https://cablehaunt.com) ]]> Thu, 14 Jan 2021 07:00:00 -0500 https://cablehaunt.com /vulns/2020/2020-01-14-cablehaunt/
(source: https://www.netspi.com/blog/technical-blog/network-pentesting/cve-2020-17049-kerberos-bronze-bit-overview/) ]]> Thu, 10 Dec 2020 07:00:00 -0500 https://www.netspi.com/blog/technical-blog/network-pentesting/cve-2020-17049-kerberos-bronze-bit-overview/ /vulns/2020/2020-12-10-kerberos-bronze-bit/
(source: https://raccoon-attack.com/) ]]> Thu, 19 Nov 2020 07:00:00 -0500 https://raccoon-attack.com/ /vulns/2020/2020-11-19-raccoon/
(source: https://www.saddns.net/) ]]> Thu, 12 Nov 2020 07:00:00 -0500 https://www.saddns.net/ /vulns/2020/2020-11-12-sad-dns/
(source: https://platypusattack.com/) ]]> Wed, 11 Nov 2020 07:00:00 -0500 https://platypusattack.com/ /vulns/2020/2020-11-11-platypus/
(source: https://lviattack.eu) ]]> Sun, 08 Nov 2020 07:00:00 -0500 https://lviattack.eu /vulns/2020/2020-11-08-lvi/
(source: https://cymptom.com/gateway2hell-multiple-privilege-escalation-vulnerabilities-in-citrix-gateway-plug-in/2020/10/) ]]> Wed, 21 Oct 2020 08:00:00 -0400 https://cymptom.com/gateway2hell-multiple-privilege-escalation-vulnerabilities-in-citrix-gateway-plug-in/2020/10/ /vulns/2020/2020-10-21-gateway2hell/
(source: https://darkbit.io/blog/cve-2020-15157-containerdrip) ]]> Tue, 20 Oct 2020 08:00:00 -0400 https://darkbit.io/blog/cve-2020-15157-containerdrip /vulns/2020/2020-10-20-containerdrip/
(source: https://blog.br0vvnn.io/pages/blogpost.aspx?id=1&ln=0) ]]> Wed, 14 Oct 2020 08:00:00 -0400 https://blog.br0vvnn.io/pages/blogpost.aspx?id=1&ln=0 /vulns/2020/2020-10-24-dos2rce/
(source: https://blog.t8012.dev/plug-n-pwn/) ]]> Wed, 14 Oct 2020 08:00:00 -0400 https://blog.t8012.dev/plug-n-pwn/ /vulns/2020/2020-10-14-plug-n-pwn/
(source: https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16899) ]]> Wed, 14 Oct 2020 08:00:00 -0400 https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16899 /vulns/2020/2020-10-14-ping-of-death-2020/
(source: https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html) ]]> Wed, 14 Oct 2020 08:00:00 -0400 https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html /vulns/2020/2020-10-14-bleedingtooth/
(source: https://x.com/jonasLyk/status/1316104870987010048) ]]> Wed, 14 Oct 2020 08:00:00 -0400 https://x.com/jonasLyk/status/1316104870987010048 /vulns/2020/2020-10-14-bits-please/
(source: https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898) ]]> Wed, 14 Oct 2020 08:00:00 -0400 https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898 /vulns/2020/2020-10-14-bad-neighbor/
(source: https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/) ]]> Mon, 12 Oct 2020 08:00:00 -0400 https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/ /vulns/2020/2020-10-12-kraken/
(source: https://hexhive.epfl.ch/BLURtooth/) ]]> Wed, 30 Sep 2020 08:00:00 -0400 https://hexhive.epfl.ch/BLURtooth/ /vulns/2020/2020-09-30-blurtooth/
(source: https://cybersecurity.bureauveritas.com/blog/zero-logon) ]]> Fri, 18 Sep 2020 08:00:00 -0400 https://cybersecurity.bureauveritas.com/blog/zero-logon /vulns/2020/2020-09-18-zerologon/
(source: https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html) ]]> Mon, 17 Aug 2020 08:00:00 -0400 https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html /vulns/2020/2020-08-17-glueball/
(source: https://revolte-attack.net/) ]]> Thu, 13 Aug 2020 08:00:00 -0400 https://revolte-attack.net/ /vulns/2020/2020-08-13-revolte/
(source: https://windows-internals.com/printdemon-cve-2020-1048/) ]]> Tue, 11 Aug 2020 08:00:00 -0400 https://windows-internals.com/printdemon-cve-2020-1048/ /vulns/2020/2020-08-11-printdemon/
(source: https://www.armis.com/research/etheroops/) ]]> Fri, 07 Aug 2020 08:00:00 -0400 https://www.armis.com/research/etheroops/ /vulns/2020/2020-08-07-etheroops/
(source: https://www.armis.com/research/cdpwn/) ]]> Fri, 07 Aug 2020 08:00:00 -0400 https://www.armis.com/research/cdpwn/ /vulns/2020/2020-08-07-cdpwn/
(source: https://blog.checkpoint.com/security/achilles-small-chip-big-peril/) ]]> Fri, 07 Aug 2020 08:00:00 -0400 https://blog.checkpoint.com/security/achilles-small-chip-big-peril/ /vulns/2020/2020-08-07-achilles/
(source: https://objective-see.org/blog/blog_0x4D.html) ]]> Mon, 03 Aug 2020 08:00:00 -0400 https://objective-see.org/blog/blog_0x4D.html /vulns/2020/2020-08-03-unauthd/
(source: https://eclypsium.com/research/theres-a-hole-in-the-boot/) ]]> Wed, 29 Jul 2020 08:00:00 -0400 https://eclypsium.com/research/theres-a-hole-in-the-boot/ /vulns/2020/2020-07-29-boothole/
(source: https://yadi.sk/d/NJqzpqo_3GxZA4) ]]> Tue, 28 Jul 2020 08:00:00 -0400 https://yadi.sk/d/NJqzpqo_3GxZA4 /vulns/2020/2020-07-28-educatedscholar/
(source: https://xlab.tencent.com/cn/2020/07/16/badpower/) ]]> Tue, 21 Jul 2020 08:00:00 -0400 https://xlab.tencent.com/cn/2020/07/16/badpower/ /vulns/2020/2020-07-21-badpower/
(source: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/) ]]> Tue, 14 Jul 2020 08:00:00 -0400 https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/ /vulns/2020/2020-07-14-sigred/
(source: https://www.eset.com/afr/kr00k/) ]]> Fri, 10 Jul 2020 08:00:00 -0400 https://www.eset.com/afr/kr00k/ /vulns/2020/2020-07-10-kr00k/
(source: https://www.0xsha.io/posts/zombievpn-breaking-that-internet-security) ]]> Wed, 01 Jul 2020 08:00:00 -0400 https://www.0xsha.io/posts/zombievpn-breaking-that-internet-security /vulns/2020/2020-07-01-zombievpn/
(source: https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/) ]]> Thu, 18 Jun 2020 08:00:00 -0400 https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/ /vulns/2020/2020-06-18-bluefrag/
(source: https://www.jsof-tech.com/ripple20/) ]]> Tue, 16 Jun 2020 08:00:00 -0400 https://www.jsof-tech.com/ripple20/ /vulns/2020/2020-06-16-ripple20/
(source: https://onapsis.com/blog/oracle-payday-vulnerabilities/) ]]> Tue, 16 Jun 2020 08:00:00 -0400 https://onapsis.com/blog/oracle-payday-vulnerabilities/ /vulns/2020/2020-06-16-payday/
(source: https://www.onapsis.com/oracle-bigdebit-vulnerabilities) ]]> Tue, 16 Jun 2020 08:00:00 -0400 https://www.onapsis.com/oracle-bigdebit-vulnerabilities /vulns/2020/2020-06-16-bigdebit/
(source: https://x.com/R3dF09/status/1271485928989528064) ]]> Mon, 15 Jun 2020 08:00:00 -0400 https://x.com/R3dF09/status/1271485928989528064 /vulns/2020/2020-06-15-evilprinter/
(source: https://airbus-cyber-security.com/diving-into-the-smblost-vulnerability-cve-2020-1301/) ]]> Wed, 10 Jun 2020 08:00:00 -0400 https://airbus-cyber-security.com/diving-into-the-smblost-vulnerability-cve-2020-1301/ /vulns/2020/2020-06-10-smblost/
(source: https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/) ]]> Wed, 10 Jun 2020 08:00:00 -0400 https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/ /vulns/2020/2020-06-10-smbleed/
(source: https://sgaxe.com) ]]> Wed, 10 Jun 2020 08:00:00 -0400 https://sgaxe.com /vulns/2020/2020-06-10-sgaxe/
(source: https://mdsattacks.com/#ridl-ng) ]]> Wed, 10 Jun 2020 08:00:00 -0400 https://mdsattacks.com/#ridl-ng /vulns/2020/2020-06-10-ridl/
(source: https://mdsattacks.com/) ]]> Wed, 10 Jun 2020 08:00:00 -0400 https://mdsattacks.com/ /vulns/2020/2020-06-10-fallout/
(source: https://www.vusec.net/projects/crosstalk/) ]]> Wed, 10 Jun 2020 08:00:00 -0400 https://www.vusec.net/projects/crosstalk/ /vulns/2020/2020-06-10-crosstalk/
(source: https://callstranger.com/) ]]> Mon, 08 Jun 2020 08:00:00 -0400 https://callstranger.com/ /vulns/2020/2020-06-08-callstranger/
(source: https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796) ]]> Wed, 03 Jun 2020 08:00:00 -0400 https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 /vulns/2020/2020-06-03-smbghost/
(source: https://francozappa.github.io/about-bias/) ]]> Wed, 27 May 2020 08:00:00 -0400 https://francozappa.github.io/about-bias/ /vulns/2020/2020-05-27-bias/
(source: https://thunderspy.io/) ]]> Tue, 12 May 2020 08:00:00 -0400 https://thunderspy.io/ /vulns/2020/2020-05-12-thunderspy/
(source: https://www.chaitin.cn/en/ghostcat) ]]> Tue, 03 Mar 2020 07:00:00 -0500 https://www.chaitin.cn/en/ghostcat /vulns/2020/2020-03-03-ghostcat/
(source: https://cacheoutattack.com) ]]> Tue, 28 Jan 2020 07:00:00 -0500 https://cacheoutattack.com /vulns/2020/2020-01-28-cacheout/
(source: https://github.com/ly4k/BlueGate) ]]> Mon, 27 Jan 2020 07:00:00 -0500 https://github.com/ly4k/BlueGate /vulns/2020/2020-01-27-bluegate/
(source: https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601) ]]> Fri, 17 Jan 2020 07:00:00 -0500 https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 /vulns/2020/2020-01-17-curveball/
(source: https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/) ]]> Tue, 14 Jan 2020 07:00:00 -0500 https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/ /vulns/2020/2020-01-14-shitrix/
(source: https://blade.tencent.com/magellan/index_en.html) ]]> Thu, 02 Jan 2020 07:00:00 -0500 https://blade.tencent.com/magellan/index_en.html /vulns/2020/2020-01-02-magellan/
(source: https://blade.tencent.com/en/advisories/sqlite_v2/) ]]> Thu, 02 Jan 2020 07:00:00 -0500 https://blade.tencent.com/en/advisories/sqlite_v2/ /vulns/2020/2020-01-02-magellan-2/
(source: https://kishan.org/airdos/) ]]> Mon, 16 Dec 2019 07:00:00 -0500 https://kishan.org/airdos/ /vulns/2019/2019-12-16-airdos/
(source: https://plundervolt.com) ]]> Tue, 10 Dec 2019 07:00:00 -0500 https://plundervolt.com /vulns/2019/2019-12-10-plundervolt/
(source: https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html) ]]> Fri, 15 Nov 2019 07:00:00 -0500 https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html /vulns/2019/2019-11-15-ghost-potato/
(source: https://github.com/axi0mX/alloc8) ]]> Mon, 21 Oct 2019 08:00:00 -0400 https://github.com/axi0mX/alloc8 /vulns/2019/2019-10-21-alloc8/
(source: https://project-zero.issues.chromium.org/issues/42451036) ]]> Fri, 18 Oct 2019 08:00:00 -0400 https://project-zero.issues.chromium.org/issues/42451036 /vulns/2019/2019-10-18-qu1ckr00t/
(source: https://www.vusec.net/projects/tlbleed/) ]]> Fri, 13 Sep 2019 08:00:00 -0400 https://www.vusec.net/projects/tlbleed/ /vulns/2019/2019-09-13-tlbleed/
(source: https://seclists.org/oss-sec/2018/q4/123) ]]> Fri, 13 Sep 2019 08:00:00 -0400 https://seclists.org/oss-sec/2018/q4/123 /vulns/2019/2019-09-13-portsmash/
(source: https://misc0110.net/web/files/netspectre.pdf) ]]> Fri, 13 Sep 2019 08:00:00 -0400 https://misc0110.net/web/files/netspectre.pdf /vulns/2019/2019-09-13-netspectre/
(source: https://www.vusec.net/projects/netcat/) ]]> Fri, 13 Sep 2019 08:00:00 -0400 https://www.vusec.net/projects/netcat/ /vulns/2019/2019-09-13-netcat/
(source: https://foreshadowattack.eu) ]]> Fri, 13 Sep 2019 08:00:00 -0400 https://foreshadowattack.eu /vulns/2019/2019-09-13-foreshadow/
(source: https://foreshadowattack.eu) ]]> Fri, 13 Sep 2019 08:00:00 -0400 https://foreshadowattack.eu /vulns/2019/2019-09-13-foreshadow-ng/
(source: https://project-zero.issues.chromium.org/issues/42450885#comment14) ]]> Thu, 22 Aug 2019 08:00:00 -0400 https://project-zero.issues.chromium.org/issues/42450885#comment14 /vulns/2019/2019-08-22-sockpuppet/
(source: https://knobattack.com) ]]> Wed, 14 Aug 2019 08:00:00 -0400 https://knobattack.com /vulns/2019/2019-08-14-knob/
(source: https://www.bitdefender.com/business/swapgs-attack.html) ]]> Tue, 13 Aug 2019 08:00:00 -0400 https://www.bitdefender.com/business/swapgs-attack.html /vulns/2019/2019-08-13-swapgs/
(source: https://wpa3.mathyvanhoef.com) ]]> Tue, 13 Aug 2019 08:00:00 -0400 https://wpa3.mathyvanhoef.com /vulns/2019/2019-08-13-dragonblood/
(source: https://www.microsoft.com/en-us/msrc/blog/2019/08/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182) ]]> Tue, 13 Aug 2019 08:00:00 -0400 https://www.microsoft.com/en-us/msrc/blog/2019/08/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182 /vulns/2019/2019-08-13-dejablue/
(source: https://www.armis.com/research/urgent-11/) ]]> Wed, 31 Jul 2019 08:00:00 -0400 https://www.armis.com/research/urgent-11/ /vulns/2019/2019-07-31-urgent11/
(source: https://www.armis.com/research/bleedingbit/) ]]> Mon, 08 Jul 2019 08:00:00 -0400 https://www.armis.com/research/bleedingbit/ /vulns/2019/2019-07-08-bleedingbit/
(source: https://zombieloadattack.com) ]]> Sat, 22 Jun 2019 08:00:00 -0400 https://zombieloadattack.com /vulns/2019/2019-06-22-zombieload/
(source: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md) ]]> Tue, 18 Jun 2019 08:00:00 -0400 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md /vulns/2019/2019-06-18-sack-panic/
(source: https://rambleed.com) ]]> Wed, 12 Jun 2019 08:00:00 -0400 https://rambleed.com /vulns/2019/2019-06-12-rambleed/
(source: https://i.blackhat.com/USA-19/Wednesday/us-19-Simakov-Finding-A-Needle-In-An-Encrypted-Haystack-Leveraging-Cryptographic-Abilities-To-Detect-The-Most-Prevalent-Attacks-On-Active-Directory.pdf) ]]> Wed, 12 Jun 2019 08:00:00 -0400 https://i.blackhat.com/USA-19/Wednesday/us-19-Simakov-Finding-A-Needle-In-An-Encrypted-Haystack-Leveraging-Cryptographic-Abilities-To-Detect-The-Most-Prevalent-Attacks-On-Active-Directory.pdf /vulns/2019/2019-06-12-drop-the-mic/
(source: https://i.blackhat.com/USA-19/Wednesday/us-19-Simakov-Finding-A-Needle-In-An-Encrypted-Haystack-Leveraging-Cryptographic-Abilities-To-Detect-The-Most-Prevalent-Attacks-On-Active-Directory.pdf) ]]> Wed, 12 Jun 2019 08:00:00 -0400 https://i.blackhat.com/USA-19/Wednesday/us-19-Simakov-Finding-A-Needle-In-An-Encrypted-Haystack-Leveraging-Cryptographic-Abilities-To-Detect-The-Most-Prevalent-Attacks-On-Active-Directory.pdf /vulns/2019/2019-06-12-drop-the-mic-2/
(source: https://dynoroot.ninja) ]]> Tue, 04 Jun 2019 08:00:00 -0400 https://dynoroot.ninja /vulns/2019/2019-06-04-dynoroot/
(source: https://venom.crowdstrike.com/) ]]> Fri, 31 May 2019 08:00:00 -0400 https://venom.crowdstrike.com/ /vulns/2019/2019-05-31-venom/
(source: https://sweet32.info) ]]> Fri, 31 May 2019 08:00:00 -0400 https://sweet32.info /vulns/2019/2019-05-31-sweet32/
(source: http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/) ]]> Fri, 31 May 2019 08:00:00 -0400 http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/ /vulns/2019/2019-05-31-stagefright/
(source: https://meltdownattack.com) ]]> Fri, 31 May 2019 08:00:00 -0400 https://meltdownattack.com /vulns/2019/2019-05-31-spectre/
(source: https://web.archive.org/web/20181126181150/http://thread.gmane.org/gmane.comp.shells.bash.bugs/22418) ]]> Fri, 31 May 2019 08:00:00 -0400 https://web.archive.org/web/20181126181150/http://thread.gmane.org/gmane.comp.shells.bash.bugs/22418 /vulns/2019/2019-05-31-shellshock/
(source: http://www.isightpartners.com/2014/10/cve-2014-4114/) ]]> Fri, 31 May 2019 08:00:00 -0400 http://www.isightpartners.com/2014/10/cve-2014-4114/ /vulns/2019/2019-05-31-sandworm/
(source: https://www.samba.org/samba/security/CVE-2017-7494.html) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.samba.org/samba/security/CVE-2017-7494.html /vulns/2019/2019-05-31-sambacry/ Fri, 31 May 2019 08:00:00 -0400 https://vulnerability.garden /vulns/2019/2019-05-31-rowhammer/
(source: https://robotattack.org) ]]> Fri, 31 May 2019 08:00:00 -0400 https://robotattack.org /vulns/2019/2019-05-31-robot/
(source: https://openssl-library.org/files/ssl-poodle.pdf) ]]> Fri, 31 May 2019 08:00:00 -0400 https://openssl-library.org/files/ssl-poodle.pdf /vulns/2019/2019-05-31-poodle/
(source: https://web.archive.org/web/20000303212433/http:/www.infowar.com/iwftp/iw_sec/iw_sec_01.txt) ]]> Fri, 31 May 2019 08:00:00 -0400 https://web.archive.org/web/20000303212433/http:/www.infowar.com/iwftp/iw_sec/iw_sec_01.txt /vulns/2019/2019-05-31-pizza-thief/
(source: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html) ]]> Fri, 31 May 2019 08:00:00 -0400 https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html /vulns/2019/2019-05-31-optionsbleed/
(source: https://meltdownattack.com) ]]> Fri, 31 May 2019 08:00:00 -0400 https://meltdownattack.com /vulns/2019/2019-05-31-meltdown/
(source: https://www.mitls.org/pages/attacks/Logjam) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.mitls.org/pages/attacks/Logjam /vulns/2019/2019-05-31-logjam/
(source: https://www.krackattacks.com) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.krackattacks.com /vulns/2019/2019-05-31-krack/
(source: https://imagetragick.com) ]]> Fri, 31 May 2019 08:00:00 -0400 https://imagetragick.com /vulns/2019/2019-05-31-imagetragick/
(source: https://blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf) ]]> Fri, 31 May 2019 08:00:00 -0400 https://blackhat.com/docs/us-16/materials/us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf /vulns/2019/2019-05-31-heist/
(source: https://heartbleed.com) ]]> Fri, 31 May 2019 08:00:00 -0400 https://heartbleed.com /vulns/2019/2019-05-31-heartbleed/
(source: https://gotofail.com/) ]]> Fri, 31 May 2019 08:00:00 -0400 https://gotofail.com/ /vulns/2019/2019-05-31-gotofail/
(source: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt /vulns/2019/2019-05-31-ghost/
(source: https://yadi.sk/d/NJqzpqo_3GxZA4) ]]> Fri, 31 May 2019 08:00:00 -0400 https://yadi.sk/d/NJqzpqo_3GxZA4 /vulns/2019/2019-05-31-eternalromance/ Fri, 31 May 2019 08:00:00 -0400 https://vulnerability.garden /vulns/2019/2019-05-31-eternalblue/
(source: https://efail.de) ]]> Fri, 31 May 2019 08:00:00 -0400 https://efail.de /vulns/2019/2019-05-31-efail/
(source: https://duhkattack.com) ]]> Fri, 31 May 2019 08:00:00 -0400 https://duhkattack.com /vulns/2019/2019-05-31-duhk/
(source: https://www.drupal.org/project/drupalgeddon) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.drupal.org/project/drupalgeddon /vulns/2019/2019-05-31-drupalgeddon/
(source: https://www.drupal.org/sa-core-2018-002) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.drupal.org/sa-core-2018-002 /vulns/2019/2019-05-31-drupalgeddon-2/
(source: https://drownattack.com) ]]> Fri, 31 May 2019 08:00:00 -0400 https://drownattack.com /vulns/2019/2019-05-31-drown/
(source: https://dirtycow.ninja) ]]> Fri, 31 May 2019 08:00:00 -0400 https://dirtycow.ninja /vulns/2019/2019-05-31-dirty-cow/
(source: https://www.microsoft.com/en-us/msrc/blog/2019/05/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.microsoft.com/en-us/msrc/blog/2019/05/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708 /vulns/2019/2019-05-31-bluekeep/
(source: https://www.armis.com/blueborne) ]]> Fri, 31 May 2019 08:00:00 -0400 https://www.armis.com/blueborne /vulns/2019/2019-05-31-blueborne/
(source: https://openssl-library.org/files/tls-cbc.txt) ]]> Fri, 31 May 2019 08:00:00 -0400 https://openssl-library.org/files/tls-cbc.txt /vulns/2019/2019-05-31-beast/
(source: https://blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness.pdf) ]]> Fri, 31 May 2019 08:00:00 -0400 https://blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness.pdf /vulns/2019/2019-05-31-barmitzvah/
(source: https://blackhat.com/us-14/video/badusb-on-accessories-that-turn-evil.html) ]]> Fri, 31 May 2019 08:00:00 -0400 https://blackhat.com/us-14/video/badusb-on-accessories-that-turn-evil.html /vulns/2019/2019-05-31-badusb/
(source: http://badlock.org/) ]]> Fri, 31 May 2019 08:00:00 -0400 http://badlock.org/ /vulns/2019/2019-05-31-badlock/