09 Nov, 2025

Windows Server emergency patches fix WSUS bug with PoC exploit

Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is a Microsoft product that enables IT administrators to manage and deliver Windows updates to computers within their network. Tracked as CVE-2025-59287, this remote code execution (RCE) security flaw affects only Windows […]

2 mins read

Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. The flaw was reported responsibly to Fortinet and is now tracked as CVE-2025-52970. Fortinet released a fix on August 12. Security researcher Aviv Y named the vulnerability FortMajeure and describes it as […]

3 mins read

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. FortiSIEM is a central security monitoring and analytics system used for logging, network telemetry, and security incident alerts, serving as an integral part of security operation centers, where […]

2 mins read

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released

Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances. The flaws are tracked as CVE-2025-54253 and CVE-2025-54254. Adobe has fixed the flaws in the latest versions as described in this advisory. The vulnerabilities […]

2 mins read

Exploit available for critical Cisco ISE bug exploited in attacks

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). The critical vulnerability was first disclosed on June 25, 2025, with Cisco warning that it impacts ISE and ISE-PIC versions 3.3 and 3.4, allowing unauthenticated, remote attackers to […]

2 mins read

CISA warns of attackers exploiting Linux flaw with PoC exploit

CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel’s OverlayFS subsystem that allows them to gain root privileges. This local privilege escalation security flaw (CVE-2023-0386) is caused by a Linux kernel improper ownership management weakness and was patched in January 2023 and publicly disclosed two months later. Multiple proof-of-concept (PoC) exploits […]

2 mins read

Apache Parquet exploit tool detects servers vulnerable to critical flaw

A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. The tool was released by F5 Labs researchers who investigated the vulnerability after finding that multiple existing PoCs were either weak or completely non-functional. The tool serves as proof of […]

2 mins read

Samsung MagicINFO 9 Server RCE flaw now exploited in attacks

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. Samsung MagicINFO Server is a centralized content management system (CMS) used to remotely manage and control digital signage displays made by Samsung. It is used by retail stores, airports, hospitals, corporate buildings, and […]

2 mins read

Critical Langflow RCE flaw exploited to hack AI app servers

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. The vulnerability is tracked as CVE-2025-3248 and is a critical unauthenticated RCE flaw that allows any attacker on the internet to take full control of vulnerable […]

2 mins read

New Mirai botnet behind surge in TVT DVR exploitation

A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. The attacks attempt to exploit an information disclosure vulnerability first disclosed by an SSD Advisory in May 2024, which published the full exploitation details on retrieving admin credentials in cleartext using […]

2 mins read