Categories
Security research
Here’s where our security researchers analyze and share insights about the latest vulnerabilities, providing details on how they work, or how to exploit them.
DotNetNuke: XSS to RCE (CVE-2026-40321)
DotNetNuke (DNN) might be a leading CMS in the Microsoft ecosystem, but a routine test on an older version accidentally led us straight to a brand-new 0-day. In this write-up, we escalate a simple Stored XSS vulnerability into a full Remote Code Execution (RCE) chain (CVE-2026-40321). Read the full article to see how we smuggled payloads inside SVG files, weaponized DNN's internal messaging to spear-phish admins, and seamlessly dropped an ASPX backdoor right into the server root
- Author(s)
- Published at
- Updated at
Throwing a spark into FuelCMS
FuelCMS v1.5.2 might be an older, largely unmaintained project, but its codebase is still highly combustible. In our latest research sprint, we uncovered seven new vulnerabilities lurking under the hood. Read the full article to see the raw HTTP requests, learn how we bypassed brute-force rate limits, and watch us turn simple template syntax into a full system compromise.
- Author(s)
- Published at
- Updated at
cPanel - The valid, the suspect, and the 3rd party (Part 1)
Ever wondered what you can still do with 25-year-old code in a modern hosting environment? PTT-2025-021 was quite the journey! Unpack this (potentially Remote) Code Execution vulnerability we discovered and disclosed, which lets you bypass restricted environments like cPanel's jailshell. In part 1 of 3, we break down how an unsafe Perl "open" function became our ticket to a executing arbitrary system commands - and how the exploit works.
- Author(s)
- Published at
- Updated at
A comprehensive deep dive into React2Shell (CVE-2025-55182)
React2Shell (CVE-2025-55182) is a CVSS 10.0, pre-auth remote code execution flaw in the React Server Components Flight protocol. This deep dive maps affected React and Next.js versions, explains the deterministic exploit chain, summarizes in-the-wild abuse, and lays out detection, mitigation, and validation steps you can apply in real environments.
- Author(s)
- Published at
- Updated at
How we built an exploit for SessionReaper, CVE-2025-54236 in Magento 2 & Adobe Commerce
Here's how we weaponized SessionReaper (CVE-2025-54236) against Magento 2, chaining ServiceInputProcessor quirks and a session proxy setter to forge customer sessions and hijack accounts. Our lab-tested PoC exposes attack surface, a possible preauth RCE, and an automated exploit - a practical walkthrough for researchers who like coffee strong and bugs reliable.
- Published at
- Updated at
What is CVE-2024-6387? Understand RegreSSHion, the OpenSSH vulnerability
CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH which remote, unauthenticated attackers can use to execute remote code. But there's more to this CVE than meets the eye
- Author(s)
- Published at
- Updated at
How these vulnerabilities pushed offensive security forward
Not all vulnerabilities are alike. Some are true game-changers, uncovering new possibilities, and more layers of complexity to explore. Let’s look at what five of the most notorious vulnerabilities from the past decade taught us - and how they shaped the infosec community.
- Author(s)
- Published at
- Updated at
