Pre-Auth Root RCE Vulnerability in CyberPanel: Deep Dive Exploit Analysis
A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.
Wed 30 October 2024
Revamped Search, new detection capabilities, actively exploited CVEs and much more.
The latest releases introduces a revamped search UI, new detection capabilities, attack surface & inventory performance improvements, plus much more.
Tue 22 October 2024
Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities
This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.
Mon 21 October 2024
Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution
This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.
Wed 16 October 2024
Threat Center v2: 🚨 Staying Ahead of Vulnerabilities 🛡️
The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.
Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)
An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.
Latest posts
HTTP2, Private Custom Checks, actively exploited CVE and much more.
The latest releases introduce HTTP/2 support, improve UI and detection, enhance privacy and security measures, and update custom checks and analysis environments for better performance.
Mon 07 October 2024
Actively Exploited CVE-2022-21445, Deep Dive
The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.
Wed 25 September 2024
Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction
The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.
Thu 12 September 2024
Enhanced Vulnerability Detection, Expanded Features, and Critical Fixes
This update introduces enhanced vulnerability detection with AI improvements, new UI features, expanded support for asset types, upgraded network interception, and broader CVE coverage, alongside several bug fixes and optimizations across scanning, fingerprinting, and GitHub Actions.
Mon 09 September 2024
OXO Titan, Support for CVSS4, and Attack Surface search with certificates
Our latest release features a new OnPrem UI, better PDF Reports with insightful graphs, support for CVSS4, plus much more.
Wed 28 August 2024
OXO Titan UI: Simplifying Security Scanning for Everyone
OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanced security scanning techniques. This article explores OXO Titan's journey from concept to reality, highlighting its key features and presenting a practical user workflow example.
Mon 26 August 2024
Privacy Compliance Testing, Fingerprint detection, and User Experience Enhancements
Dive into our latest release featuring the introduction of Privacy Compliance Testing, new detection of several fingerprints, and User Experience Enhancements.
Mon 12 August 2024
Threat Center, Account Security Enhancements, and added detection
Dive into our latest release featuring the introduction of a Threat Center, enhanced account security, and new detection.
Mon 05 August 2024
Changelog
View all changesHTTP2, Private Custom Checks, actively exploited CVE and much more.
Mon 07 October 2024
Enhanced Vulnerability Detection, Expanded Features, and Critical Fixes
Mon 09 September 2024
OXO Titan, Support for CVSS4, and Attack Surface search with certificates
Wed 28 August 2024