Posts tagged Vulnerability Disclosure

CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)

Vulnerabilities and Exploits

Ryan Emmons

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Vulnerabilities and Exploits

Ryan Emmons

CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)

Vulnerabilities and Exploits

Rapid7

Securden Unified PAM: Multiple Critical Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Aaron Herndon, Marcus Chang

CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

Vulnerabilities and Exploits

Calum Hutton

Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)

Vulnerabilities and Exploits

Deral Heiland

CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED)

Vulnerabilities and Exploits

Brandon Fisher

Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Stephen Fewer

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

Vulnerabilities and Exploits

Anna Katarina Quinn

Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Threat Research

Ryan Emmons

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Deral Heiland

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)

Threat Research

Stephen Fewer

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

Vulnerabilities and Exploits

Stephen Fewer

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)

Threat Research

Ryan Emmons

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Exposure Management

Ryan Emmons

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery

Exposure Management

Ryan Emmons

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Vulnerabilities and Exploits

Rapid7

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Threat Research

Rapid7

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Vulnerabilities and Exploits

Stephen Fewer

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

Vulnerabilities and Exploits

Dr. Mike Cohen

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

Vulnerabilities and Exploits

Ron Bowes