🚀 Featured Articles
- CVE‑2025‑24801 – GLPI Pre-Authentication RCE
A critical remote code execution (RCE) vulnerability affecting GLPI version 10.0.17. An unauthenticated attacker can upload a malicious PHP file through a vulnerable endpoint and execute it, leading to full system compromise.
📄 Details: [→ Document]
- CVE‑2025‑29927 – Next.js v12–v15 Middleware Bypass
Middleware controls can be bypassed by forging the x-middleware-subrequest header in Next.js versions 12 through 15.
📄 Details: [→ Document]
- CVE‑2025‑24813 – Tomcat Session Deserialization RCE
Chained RCE achieved through partial PUT of .session files and subsequent deserialization in Apache Tomcat.
📄 Details: [→ Document]
- CVE‑2020‑17530 – Apache Struts2 OGNL Expression RCE
Critical RCE vulnerability in Apache Struts2 caused by improper handling of OGNL expressions.
📄 Details: [→ Document]
- CVE‑2022‑24112 – Apache APISIX Batch-Requests RCE
IP-based access control can be bypassed by spoofing X-Real-IP: 127.0.0.1, leading to unauthorized RCE via the batch-requests plugin.
📄 Details: [→ Document]
- CVE‑2025‑27590 – Oxidized Web RCE
Remote command execution through multipart/form-data input passed directly to the OS without validation.
📄 Details: [→ Document]