Tue 07 April 2026
A technical deep dive into the discovery of an unauthenticated zero-day vulnerability in the Ninja Forms - File Uploads WordPress extension, which allows arbitrary file uploads, remote code execution, and full server compromise.
Thu 11 September 2025
Uncovering bypasses, RCE, SSRF, CSRF, and account-takeover vulnerabilities in WSO2 products.
Wed 12 March 2025
Exploitation of multiple vulnerabilities in GLPI to gain remote code execution, starting from an unauthenticated position.
Mon 30 September 2024
In this blog post, we will explore how to exploit CNEXT blind, covering the cases where we have a file read primitive but cannot get the output.
Thu 26 September 2024
An authentication bypass vulnerability was found in Jupiter X Core Plugin <= 4.7.5 (CVE-2024-7781).
A pre-authentication remote code execution vulnerability was found in Jupiter X Core Plugin <= 4.6.5 (CVE-2024-7772).