Iulian Tita

Posts by this author

• 

  Security research

  When severity scores mislead - the case against single-metric risk models

  Are you still chasing high CVSS scores? Learn how multi-dimensional risk models reveal what attackers really target.

  

  Author(s)

  • Iulian Tita

  Published at

  25 Jun 2025

  Updated at

  25 Jun 2025

• 

  Security research

  Next.js security alert - how to attack and fix CVE-2025-29927

  A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.

  

  Author(s)

  • Iulian Tita

  Published at

  24 Mar 2025

  Updated at

  29 Jul 2025

• 

  Security research

  Buffer Overflows and Authentication Bypasses - exploiting CVE-2025-0282 and CVE-2024-55591

  A critical Ivanti flaw lets attackers bypass defenses faster than you can patch. But that's not all. A silent vulnerability lurks in Fortinet, too.

  

  Author(s)

  • Iulian Tita

  Published at

  28 Feb 2025

  Updated at

  28 Feb 2025

• 

  Security research

  Unpacking LDAPNightmare (CVE-2024-49113 and CVE-2024-49112)

  Uncover the secrets of LDAPNightmare - crash domain controllers, exploit AD weaknesses, and sharpen your pentesting skills

  

  Author(s)

  • David Bors,
  • Catalin Iovita,
  • Iulian Tita

  Published at

  28 Jan 2025

  Updated at

  28 Jan 2025

• 

  Security research

  How supply chain attacks work and 7 ways to mitigate them

  Your organization is a connected network of vendors, software, and people that keep your business operational. Each of these elements has various degrees of access to sensitive information which a bad actor can use as entry points in supply chain attacks.

  

  Author(s)

  • Iulian Tita

  Published at

  20 Feb 2023

  Updated at

  09 Apr 2024

• 

  Security research

  How to exploit a Remote Code Execution vulnerability in Laravel (CVE-2021-3129)

  I discovered this vulnerability for the first time in the Horizontall machine from Hack The Box, and the conditions in which it’s triggered pushed me to understand it in more detail. CVE-2021-3129 reminds me about a log poisoning vulnerability, but with a different flavor.

  

  Author(s)

  • Iulian Tita

  Published at

  03 Mar 2022

  Updated at

  30 Apr 2024

• 

  Security research

  How to detect and exploit CVE-2021-26084, the Confluence Server RCE

  Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.

  

  Author(s)

  • Iulian Tita

  Published at

  31 Jan 2022

  Updated at

  24 Mar 2023