Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.

This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system…

A use after free vulnerability exists in the NtGdiResetDC() function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITYSYSTEM. The flaw exists…

FormaLMS versions 2.4.4 and below suffer from an authentication bypass vulnerability.

YeaLink SIP-TXXXP version 53.84.0.15 suffers from a remote command injection vulnerability.

AbsoluteTelnet version 11.24 suffers from multiple denial of service vulnerabilities.

This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit.

The WSAQuerySocketSecurity API returns full anonymous impersonation tokens for connected peers in an AppContainer leading to a sandbox escape.

A use after free vulnerability exists in the NtGdiResetDC() function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists…