CVE-2024-9264 banner

CVE-2024-9264: Command Injection and Local File Inclusion in Grafana

CVE-2024-9264 is a critical security vulnerability that affects Grafana. This vulnerability, stemming from the newly introduced SQL Expressions feature, allows for remote code execution (RCE) and local file inclusion (LFI) attacks.

CVE-2024-9264: Command Injection and LFI in Grafana

CVE-2024-48914

CVE-2024-48914: Arbitrary File Read Vulnerability in Vendure

CVE-2024-48914 is a critical security vulnerability that affects older versions of Vendure, an open-source headless commerce platform. This vulnerability allows attackers to exploit a flaw in the asset server plugin to read arbitrary files on the server.

CVE-2022-44268 banner

CVE-2022-44268: Arbitrary File Disclosure in ImageMagick

CVE-2022-44268 is a critical vulnerability residing within ImageMagick, a popular open-source image processing library. This vulnerability exposes systems running affected versions of ImageMagick to information disclosure attacks.

CVE-2021-43798 banner

CVE-2021-43798: Path Traversal in Grafana

In this blog, we will dissect the technical details, impact potential and a proof of concept of CVE-2021-43798 (Grafana path traversal vulnerability) using an exploit script.

CVE-2021-3129 banner

CVE-2021-3129: Remote Code Execution in Laravel

In the ever-evolving landscape of web security, the 2021 discovery of CVE-2021-3129, a critical remote code execution (RCE) vulnerability in Laravel's Ignition debugging tool, sent shivers down the spines of developers worldwide.

CVE-2024-28116 banner

CVE-2024-28116: Server-Side Template Injection in Grav CMS

This blog post dives into CVE-2024-28116, a recently discovered vulnerability in Grav CMS versions prior to 1.7.45. This vulnerability allows an attacker with editor permissions to achieve Remote Code Execution (RCE) on the underlying server.

cve-2022-42889 banner

CVE-2022-42889: Remote Code Execution in Apache Commons Text

Apache Commons Text, a widely-used library for text manipulation, found itself facing such a threat in late 2022 with the discovery of CVE-2022-42889, a critical flaw enabling arbitrary code execution (ACE).

Ethical Hacking

Ethical Hacking