Researchers from Doyensec, together with an independent author known as BitsByWill, have publicly demonstrated a working exploitation chain that enables remote execution of code in the Linux kernel via KSMBD — the in-kernel SMB3...
SAP has addressed two critical vulnerabilities in the NetWeaver Java application server that could allow attackers to execute arbitrary code and fully compromise affected systems. The security updates, released in September 2025, remediate CVE-2025-42922...
Researchers at Oligo Security have uncovered a vulnerability in Apple CarPlay that enables remote code execution with root privileges, granting attackers full control over a vehicle’s multimedia system. The flaw, registered as CVE-2025-24132, resides...
A critical vulnerability has been identified in Apache Jackrabbit, exposing systems to remote code execution and the potential compromise of corporate infrastructure. Tracked as CVE-2025-58782, the flaw impacts two key components — Jackrabbit Core...
Penelope is a powerful shell handler built as a modern netcat replacement for RCE exploitation, aiming to simplify, accelerate, and optimize post-exploitation workflows. Features Session Features Description Unix with Python>=2.3 Unix without Python>=2.3 Windows...
A critical vulnerability, CVE-2025-42957, has been identified in SAP S/4HANA, carrying a near-maximum CVSS score of 9.9. The flaw enables users with only minimal privileges to execute arbitrary code, effectively granting them full control...
TP-Link has confirmed the existence of a new zero-day vulnerability affecting several of its router models. The flaw was first identified by an independent security researcher operating under the alias Mehrun (ByteRay), who reported...
Mandiant researchers have uncovered an attack targeting legacy installations of the Sitecore platform. The attackers exploited a demonstration ASP.NET key that had been publicly included in official documentation until 2017. This flaw, tracked as...
Researchers at Armis Labs have uncovered ten severe vulnerabilities in Copeland’s E2 and E3 industrial controllers, widely deployed by the world’s largest retail chains and cold storage providers. These devices manage refrigeration systems, HVAC,...
Sangoma has issued an urgent alert regarding an actively exploited zero-day vulnerability in FreePBX installations where the Administrator Control Panel (ACP) is exposed to the internet. FreePBX, an open-source IP-PBX built on Asterisk, is...