-
CVE-2023-0669: Unauthenticated RCE in GoAnywhere MFT via Insecure Deserialization
A pre-auth insecure Java deserialization vulnerability in GoAnywhere MFT's LicenseResponseServlet allows unauthenticated attackers to achieve RCE via a crafted bundle parameter....
-
CVE-2023-24329: Bypassing URL Blacklists in Python urllib with a Leading Space
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. A single spa...
-
CVE-2023-32315: Path Traversal → RCE in Openfire XMPP Server
Openfire's authentication filter fails to handle Unicode-encoded path traversal sequences (%u002e), allowing unauthenticated access to any admin page. Combined with the built-in...
-
CVE-2023-27350: Authentication Bypass & RCE in PaperCut MF/NG
This vulnerability allows remote attackers to bypass authentication on PaperCut NG 22.0.5. The SetupCompleted class suffers from a session puzzling vulnerability — by invoking i...
-
CVE-2023-21752: Windows Backup Service LPE → SYSTEM via Arbitrary File Delete
The first local Windows kernel privilege escalation of 2023. By abusing a race condition (TOCTOU) in the Windows Backup Service, a low-privileged attacker can delete arbitrary f...