24h | 7d | 30d

CVE-2021-33044

Overview

  • Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices
15 Sep 2021
Published
12 Jan 2026
Updated
CVSS
Pending
EPSS
94.27%
KEV

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Checkpoint~ Iranian actors are exploiting Hikvision and Dahua IP cameras in the Middle East for missile battle damage assessment. - IOCs: CVE-2017-7921, CVE-2021-36260, CVE-2021-33044 - #CyberWarfare #Iran #ThreatIntel
  • 0
  • 0
  • 0
  • 7h ago

CVE-2021-36260

Overview

  • Pending
22 Sep 2021
Published
21 Oct 2025
Updated
CVSS
Pending
EPSS
94.44%
KEV

Description

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Checkpoint~ Iranian actors are exploiting Hikvision and Dahua IP cameras in the Middle East for missile battle damage assessment. - IOCs: CVE-2017-7921, CVE-2021-36260, CVE-2021-33044 - #CyberWarfare #Iran #ThreatIntel
  • 0
  • 0
  • 0
  • 7h ago

CVE-2017-7921

Overview

  • Hikvision Cameras
06 May 2017
Published
27 Dec 2024
Updated
CVSS
Pending
EPSS
94.10%
KEV

Description

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Checkpoint~ Iranian actors are exploiting Hikvision and Dahua IP cameras in the Middle East for missile battle damage assessment. - IOCs: CVE-2017-7921, CVE-2021-36260, CVE-2021-33044 - #CyberWarfare #Iran #ThreatIntel
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-24061

Overview

  • GNU
  • Inetutils
21 Jan 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
77.92%
KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

February was about moving from detection to proof.

Here are the top updates in Pentest-Tools.com:

๐Ÿงช New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.

๐Ÿ” ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.

๐ŸŽฏ One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.

๐Ÿ›ก๏ธ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.

๐Ÿงญ Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.

Catch the full breakdown in the video or in this link: pentest-tools.com/change-log

Until next time: Stay sharp. Stay human.

  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-62507

Overview

  • redis
  • redis
04 Nov 2025
Published
26 Feb 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.12%
KEV

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

February was about moving from detection to proof.

Here are the top updates in Pentest-Tools.com:

๐Ÿงช New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.

๐Ÿ” ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.

๐ŸŽฏ One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.

๐Ÿ›ก๏ธ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.

๐Ÿงญ Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.

Catch the full breakdown in the video or in this link: pentest-tools.com/change-log

Until next time: Stay sharp. Stay human.

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
64.79%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

February was about moving from detection to proof.

Here are the top updates in Pentest-Tools.com:

๐Ÿงช New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.

๐Ÿ” ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.

๐ŸŽฏ One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.

๐Ÿ›ก๏ธ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.

๐Ÿงญ Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.

Catch the full breakdown in the video or in this link: pentest-tools.com/change-log

Until next time: Stay sharp. Stay human.

  • 0
  • 0
  • 0
  • 21h ago
Showing 61 to 66 of 66 CVEs