Overview
- Elastic
- Kibana
Description
Statistics
- 1 Post
Bluesky
Overview
Description
Statistics
- 1 Post
Fediverse
⚠️ CVE-2026-3377 (HIGH): Buffer overflow in Tenda F453 v1.0.0.3 via /goform/SafeUrlFilter. Public exploit available, no patch yet. Restrict device access & monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-3377-buffer-overflow-in-tenda-f453-c140c206 #OffSeq #Vulnerability #Tenda #Infosec
Overview
- OpenStack
- Vitrage
Description
Statistics
- 1 Post
Overview
- itsourcecode
- University Management System
Description
Statistics
- 1 Post
Fediverse
CVE-2026-3412: Medium XSS in itsourcecode University Management System v1.0. 'dt' param in /att_single_view.php is vulnerable. Public exploit available — patch or mitigate to prevent session hijack & data theft. Details: https://radar.offseq.com/threat/cve-2026-3412-cross-site-scripting-in-itsourcecode-e5baf82a #OffSeq #XSS #Vuln
Overview
- Microsoft
- Windows 10 Version 1809
Description
Statistics
- 1 Post
Fediverse
@tiraniddo Finally, the post I waited for. Back in 2023 I searched for a UAC bypass that is compatible with "always notify" and Windows 10 upwards to complete my chain for any Windows UAC bypass. I used your token reading UAC bypass as a base for older Windows systems. Then I just found CVE-2023-41772 by accident. So this route was burned or at least I thought it was. Then I tried to find a UIAccess bypass and it worked again. That was the moment where I knew not auto-elevate but UIAccess is (and will be) the biggest weakness of UAC. Even without GetProcessHandleFromHwnd there are more options like CSRSS activation cache poisoning, COM injection, abusing WER, ...
As far as I have seen the newest version of administrator protection still has at least one bug that lets you bypass it, but after the chaos of the first "release", I will rather wait for the full release.
Anyway the PPL bypass might be fixed, but I have another PPL bypass that is "fixed" in 24H2 but still works on 25H2 and preview. The bug is simple, but (unique) exploitation is so dumb, I don't know what to say ... 😅
Overview
Description
Statistics
- 1 Post
Fediverse
🛡️ CVE-2026-3400 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda AC15 routers (≤v15.13.07.13) allows unauthenticated remote code execution. PoC code is public. Restrict access & monitor for patches! https://radar.offseq.com/threat/cve-2026-3400-stack-based-buffer-overflow-in-tenda-c665b93a #OffSeq #Infosec #CVE #Vulnerability
Overview
Description
Statistics
- 1 Post
Fediverse
🔎 CVE-2026-3408 (MEDIUM): Open Babel 3.1.0/3.1.1 vulnerable to DoS via null pointer dereference in CDXML handler. Exploit public, patch available (commit e23a224b8fd9…). Update now to prevent app crashes! https://radar.offseq.com/threat/cve-2026-3408-null-pointer-dereference-in-open-bab-da0da361 #OffSeq #OpenBabel #VulnAlert
Overview
- itsourcecode
- News Portal Project
Description
Statistics
- 1 Post
Overview
- Red Hat
- Red Hat Enterprise Linux 10
- libsoup3
Description
Statistics
- 1 Post