PoC

Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory …

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s …

Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software …

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that …

Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal …

Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote …

If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw …

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …

Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack …

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the …

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has …

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network …