| Date | CVE | Topic | Details |
|---|---|---|---|
| 14/01/2026 | CVE-2025-13175 | Insecure Password Storage in Y Soft SafeQ 6 | Link |
| 15/12/2025 | CVE-2025-14714 | TCC Bypass via Inherited Permissions in Bundled Interpreter | Link |
| 10/12/2025 | CVE-2025-64897 | Local Privilege Escalation due to world-writeable permissions in Adobe ColdFusion | Link |
| 25/09/2025 | CVE-2025-36857 | Rapid7 Appspider Broken Access Control | Link |
| 16/09/2025 | CVE-2025-10015 | TCC Bypass via Downloader XPC Service in Sparkle | Link |
| 16/09/2025 | CVE-2025-10016 | Local Privilege Escalation in Sparkle Autoupdate Daemon | Link |
| 16/09/2025 | CVE-2025-42945 | HTML Injection Vulnerability In SAP NetWeaver Application Server ABAP | Link |
| 16/09/2025 | CVE-2025-42943 | SAP GUI - NTLM Hash Hijacking via UNC Paths | Link |
| 26/08/2025 | CVE-2025-8700 | Privilege Escalation via get-task-allow entitlement in Invoice Ninja | Link |
| 26/08/2025 | CVE-2025-8597 | Privilege Escalation via get-task-allow entitlement in MacVim | Link |
| 26/08/2025 | CVE-2025-53813 | TCC Bypass via misconfigured Node fuses in Nozbe | Link |
| 26/08/2025 | CVE-2025-9190 | TCC Bypass via misconfigured Node fuses in Cursor | Link |
| 26/08/2025 | CVE-2025-53811 | TCC Bypass via misconfigured Node fuses in Mosh-Pro | Link |
| 11/08/2025 | CVE-2025-8672 | TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app | Link |
| 07/08/2025 | CVE-2025-8533 | Incorrect Authorization of XPC Service in Fantastical.app | Link |
| 06/08/2025 | CVE-2024-52885 | Check Point Mobile Access File Share directory traversal attacks | Link |
| 25/07/2025 | CVE-2025-22165 | Local Privilege Escalation in Sourcetree for Mac | Link |
| 24/07/2025 | CVE-2024-33510 | SSLVPN WEB UI Text injection | Link |
| 08/07/2025 | CVE-2025-42979 | SAP GUI - Insecure Key & Secret Management | Link |
| 29/06/2025 | CVE-2024-24915 | Credential Exposure via Memory Dump in Check Point SmartConsole | Link |
| 20/06/2025 | CVE-2025-5963 | TCC Bypass via Dylib Injection in Postbox | Link |
| 20/06/2025 | CVE-2025-5255 | TCC Bypass via Dylib Injection in Phoenix Code | Link |
| 19/06/2025 | CVE-2024-24916 | DLL HiJacking in SmartConsole for R82 | Link |
| 28/05/2025 | CVE-2025-4081 | TCC Bypass via Dylib Substitution in DaVinci Resolve | Link |
| 28/05/2025 | CVE-2025-3864 | Connection Pool Exhaustion In Hackney | Link |
| 27/05/2025 | CVE-2025-4412 | TCC Bypass via Dylib Loading in Viscosity.app | Link |
| 22/05/2025 | CVE-2025-4280 | TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app | Link |
| 21/05/2025 | CVE-2025-1415 | Low-privileged Proget MDM users can access task and device details, including UUIDs, via brute-forced task IDs | Link |
| 21/05/2025 | CVE-2025-1416 | Low-privileged Proget MDM users can retrieve device passwords using known UUIDs from CVE-2025-1415 or CVE-2025-1417 | Link |
| 21/05/2025 | CVE-2025-1417 | Low-privileged Proget MDM users can view sensitive data from all device backups, including UUIDs, names, and emails | Link |
| 21/05/2025 | CVE-2025-1418 | Low-privileged Proget MDM users can access MDM profiles listing allowed and blocked features | Link |
| 21/05/2025 | CVE-2025-1419 | Improper sanitization in Proget Console comments enables stored XSS by high-privileged users | Link |
| 21/05/2025 | CVE-2025-1420 | Unsanitized activation messages in Proget Console allow stored XSS attacks by high-privileged users | Link |
| 21/05/2025 | CVE-2025-1421 | Activation data saved in Proget Console database may lead to remote code execution via malicious CSV opened in Excel | Link |
| 20/05/2025 | CVE-2025-4951 | Stored Cross-Site Scripting in Rapid7 AppSpider Pro | Link |
| 14/05/2025 | CVE-2024-10864 | SQL Injection in OpenText Advanced Authentication (NetIQ) | Link |
| 14/05/2025 | CVE-2024-10865 | Cross-site Scripting in OpenText Advanced Authentication (NetIQ) | Link |
| 27/04/2025 | CVE-2024-52887 | Check Point Mobile Access portal SNX bookmarks - Cross-Site Scripting (XSS) | Link |
| 27/04/2025 | CVE-2024-52888 | Check Point Mobile Access portal File Share application - Cross-Site Scripting (XSS) | Link |
| 18/04/2025 | CC-2390 | Local Privilege Escalation Due to Incorrect DLL Permissions in KeeperChat on macOS | Link |
| 16/04/2025 | CVE-2025-1983 | Ready_ Symfonia eDokumenty - Cross Site Scripting | Link |
| 16/04/2025 | CVE-2025-1982 | Ready_ Symfonia eDokumenty - Local File Inclusion | Link |
| 16/04/2025 | CVE-2025-1981 | Ready_ Symfonia eDokumenty - SQL Injection | Link |
| 16/04/2025 | CVE-2025-1980 | Ready_ Symfonia eDokumenty - Remote Code Execution | Link |
| 14/04/2025 | CVE-2024-10087 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-10088 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-10089 | Stored Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-10090 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-13597 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-13598 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-49705 | Client-Side Denial of Service in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-49706 | Open Redirect in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-49707 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-49708 | Stored Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | CVE-2024-49709 | Session Fixation in SoftCOM iKSORIS Internet Starter Module | Link |
| 26/03/2025 | CVE-2025-2098 | Dylib Hijacking in Fast CAD Reader | Link |
| 11/03/2025 | CVE-2025-25242 | SAP NetWeaver Application Server ABAP - Cross-Site Scripting (XSS) | Link |
| 18/02/2025 | CVE-2025-24870 | SAP GUI - Insecure Key & Secret Management | Link |
| 06/03/2025 | CVE-2024-13892 | Command Injection in Smartwares cameras | Link |
| 06/03/2025 | CVE-2024-13893 | Shared credentials in Smartwares cameras | Link |
| 06/03/2025 | CVE-2024-13894 | Path traversal in Smartwares cameras | Link |
| 28/02/2025 | CVE-2025-22270 | Stored XSS in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | CVE-2025-22271 | IP Spoofing in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | CVE-2025-22272 | Self Reflected XSS in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | CVE-2025-22273 | Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | CVE-2025-22274 | HTML injection in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | CVE-2025-1413 | DaVinci Resolve Dylib Hijacking | Link |
| 02/01/2025 | CVE-2024-12907 | Reflected Cross-Site Scripting in Kentico CMS | Link |
| 17/10/2024 | CVE-2024-50312 | Information Disclosure via GraphQL Introspection in OpenShift | Link |
| 17/10/2024 | CVE-2024-50311 | OpenShift Denial of Service (DoS) | Link |
| 31/07/2024 | CVE-2024-41955 | Open Redirect in Login Redirect in MobSF <= 4.0.4 | Link |
| 28/06/2024 | CVE-2024-28797 | Stored Cross-Site Scripting in IBM InfoSphere DataStage Designer < 11.7.4 | Link |
| 28/06/2024 | CVE-2024-28795 | Stored Cross-Site Scripting in IBM InfoSphere Information Server < 11.7 | Link |
| 28/06/2024 | CVE-2024-28794 | Stored Cross-Site Scripting in IBM InfoSphere Information Server < 11.7 | Link |
| 28/06/2024 | CVE-2024-5737 | AdmirorFrames Joomla! Extension < 5.0 - HTML Injection | Link |
| 28/06/2024 | CVE-2024-5736 | AdmirorFrames Joomla! Extension < 5.0 - Server-Side Request Forgery | Link |
| 28/06/2024 | CVE-2024-5735 | AdmirorFrames Joomla! Extension < 5.0 - Full Path Disclosure | Link |
| 24/05/2024 | CVE-2024-2218 | LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS | Link |
| 08/05/2024 | CVE-2024-3050 | Site Reviews < 7.0.0 - IP Spoofing | Link |
| 09/05/2024 | CVE-2024-3459 | KioWare for Windows environment escape | Link |
| 09/05/2024 | CVE-2024-3460 | KioWare for Windows security control bypass | Link |
| 09/05/2024 | CVE-2024-3461 | KioWare for Windows PIN brute force | Link |
| 18/03/2024 | CVE-2024-1606 | HTML injection in BMC Control-M | Link |
| 18/03/2024 | CVE-2024-1605 | DLL side-loading in BMC Control-M | Link |
| 18/03/2024 | CVE-2024-1604 | Incorrect authorization in BMC Control-M | Link |
| 14/02/2024 | CVE-2024-0010 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal | Link |
| 07/02/2024 | CVE-2024-24816 | Cross-site scripting (XSS) in CKEditor4 samples with the preview feature enabled | Link |
| 31/01/2024 | CVE-2022-47072 | Sparx Systems - Enterprise Architect SQL Injection | Link |
| 11/01/2024 | CVE-2023-5118 | Stored XSS in Kofax Capture software | Link |
| 21/12/2023 | CVE-2023-4925 | Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting | Link |
| 12/12/2023 | CVE-2023-45184 | Decryption key disclosure in IBM i Access Client Solutions due to improper authority checks | Link |
| 12/12/2023 | CVE-2023-45182 | Possibility to decrypt password-encryption key in IBM i Access Client Solutions allowing an attacker to obtain passwords to other systems | Link |
| 12/12/2023 | CVE-2023-45185 | Remote Code Execution in IBM i Access Client Solutions | Link |
| 12/12/2023 | CVE-2023-4932 | Reflected Cross-Site Scripting in SAS 9.4 | Link |
| 06/11/2023 | CVE-2023-5958 | POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting | Link |
| 06/11/2023 | CVE-2023-5209 | Bookly < 22.5 - Admin+ Stored XSS | Link |
| 08/08/2023 | CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | Link |
| 25/07/2023 | CVE-2023-39062 | Cross-Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 | Link |
| 02/10/2023 | CVE-2023-38419 | Denial of Service of Big-IQ iControl SOAP daemon by an attacker with guest privileges | Link |
| 02/10/2023 | CVE-2023-38138 | Reflected Cross-site Scripting in BIG-IP Configuration utility | Link |
| 13/06/2023 | CVE-2023-35840 | elFinder < 2.1.62 - Path Traversal vulnerability in PHP LocalVolumeDriver connector | Link |
| 20/03/2023 | CVE-2023-1478 | Hummingbird < 3.4.2 - Unauthenticated Path Traversal | Link |
| 16/03/2023 | CVE-2023-28530 | IBM Cognos Analytics - Stored cross-site scripting caused by improper validation of SVG Files in Custom Visualizations | Link |
| 18/10/2022 | CVE-2022-40746 | OwnCloud URL spoofing in password reset mail | Link |
| 16/09/2022 | CVE-2022-40746 | IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system | Link |
| 25/07/2022 | CVE-2022-36433 | Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 | Link |
| 25/07/2022 | CVE-2022-36432 | Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | CVE-2022-35501 | Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | CVE-2022-35500 | Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | CVE-2022-35642 | IBM InfoSphere Information Server is vulnerable to stored cross-site scripting | Link |
| 12/05/2022 | CVE-2022-30615 | IBM InfoSphere Information Server is vulnerable to cross-site scripting | Link |
| 28/06/2021 | CVE-2021-34254 | Open Redirection (OurUmbraco) | Link |
| 16/06/2021 | CVE-2021-3584 | Server-side remote code execution (Foreman) | Link |
| 08/06/2021 | CVE-2021-1675 | Windows Print Spooler Elevation of Privilege Vulnerability | Link |
| 07/06/2021 | CVE-2021-24378 | Authenticated Stored XSS (Autoptimize) | Link |
| 07/06/2021 | CVE-2021-24377 | Race Condition leading to RCE (Autoptimize) | Link |
| 07/06/2021 | CVE-2021-24376 | Arbitrary File Upload (Autoptimize) | Link |
| 13/05/2021 | CVE-2021-21559 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities | Link |
| 13/05/2021 | CVE-2021-21558 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities | Link |
| 25/09/2020 | CVE-2020-25130 | SQL Injection (Observium) | Link |
| 25/09/2020 | CVE-2020-25131 | Cross-Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25132 | SQL Injection (Observium) | Link |
| 25/09/2020 | CVE-2020-25133 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | CVE-2020-25134 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | CVE-2020-25135 | Cross-Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25136 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | CVE-2020-25137 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25138 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25139 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25140 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25141 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25142 | Cross Site Request Forgery (CSRF) (Observium) | Link |
| 25/09/2020 | CVE-2020-25143 | SQL Injection (Observium) | Link |
| 25/09/2020 | CVE-2020-25144 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | CVE-2020-25145 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | CVE-2020-25146 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25147 | SQL Injection (Observium) | Link |
| 25/09/2020 | CVE-2020-25148 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | CVE-2020-25149 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 03/09/2020 | CVE-2020-25102 | Cross-Site Scripting (SilverStripe Advanced Reports Module) | Link |
| 26/08/2020 | CVE-2020-5920 | F5 BIG-IP AFM SQL Injection | Link |
| 11/08/2020 | CVE-2020-1569 | Microsoft Edge Memory Corruption | Link |
| 17/07/2020 | CVE-2020-15596 | Touchpad driver DLL Hijacking | Link |
| 29/05/2020 | CVE-2020-13700 | wp plugin acf-to-rest-api Insecure direct object reference via permalinks manipulation | Link |
| 25/05/2020 | CVE-2020-13484 | Bitrix CRM unauthenticated server side request forgery | Link |
| 25/05/2020 | CVE-2020-13483 | Bitrix CRM XSS / WAF bypass | Link |
| 24/05/2020 | CVE-2020-13443 | ExpressionEngine Remote Command Execution via unrestricted file upload | Link |
| 21/04/2020 | CVE-2020-11976 | Apache Wicket Directory traversal due to guard protection bypass - read wicket markup file source | Link |
| 13/01/2020 | CVE-2020-6856 | JOC Cockpit, Jobscheduler, XML External Entity | Link |
| 13/01/2020 | CVE-2020-6855 | JOC Cockpit, Jobscheduler, Denial of Service | Link |
| 13/01/2020 | CVE-2020-6854 | JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting | Link |
| 20/11/2019 | CVE-2019-19129 | Afterlogic WebMail Pro 8.3.11 Remote Stored XSS via an attachment name | Link |
| 05/08/2019 | CVE-2019-14521 | Arbitrary File Upload leading to RCE (Energy Logserver) | Link |
| 17/07/2019 | CVE-2020-5907 | TMOS Shell privilege escalation vulnerability | Link |
| 26/03/2019 | CVE-2019-10070 | Apache Atlas, Stored Cross Site Scripting | Link |
Visit our blog to read our articles about penetration testing and cybersecurity.
| Date | Topic | Details |
|---|---|---|
| 09/04/2021 | 🎥 Smart Web Fuzzing, or which attack surfaces we can semi-automate — Łukasz Mikuła, Warszawskie Dni Informatyki | Link |
| 11/09/2020 | 🎥 Modern Red Team infrastructure — Łukasz Mikuła, Piotr Madej, Security Case Study | Link |
| 27/02/2020 | 🎥 Phishing - how malware gets into your organization — Piotr Madej, OWASP Katowice | Link |
| 29/01/2020 | 🎥 On the work of a pentester — Piotr Madej, 17 53c - Gliwice Cybersecurity Meetup Group | Link |
| 14/12/2019 | 🎥 COM to me, baby — Łukasz Mikuła, WTH Conference | Link |
| 14/12/2019 | 🎥 Logic vulnerabilities in Windows — Michał Bazyli, WTH Conference | Link |