Vulnerabilities

Security vulnerabilities, exploit techniques, vulnerability analysis, and penetration testing methodologies.

All Articles General Vulnerabilities Full-Stack Security Network Security

September 16, 2025

CVE-2023-44487 - HTTP/2 Rapid Reset Denial of Service

A remote unauthenticated attacker can exploit the HTTP/2 Rapid Reset vulnerability to perform a high-impact denial-of-service attack by rapidly opening and resetting streams, exhausting server resources.

#CVE-2023-44487#HTTP/2#DDoS+1

CVE-2025-41228 - VMware vSphere Client 8.0.3.0 XSS

Vulnerabilities

August 11, 2025

CVE-2025-41228 - VMware vSphere Client 8.0.3.0 XSS

Reflected XSS in VMware vSphere Client 8.0.3.0 via unsanitized query string on /folder endpoint.

#CVE-2025-41228#VMware#XSS

CVE-2023-43320 Proxmox VE - TOTP Brute Force

Vulnerabilities

January 31, 2024

CVE-2023-43320 Proxmox VE - TOTP Brute Force

Defensive advisory and mitigation guidance for reported Proxmox VE TOTP brute-force activity. PoC code omitted for safety.

#Proxmox#TOTP#Brute Force+2

CVE-2023-6553 - WordPress Backup Migration Plugin Remote Code Execution

Vulnerabilities

December 11, 2023

CVE-2023-6553 - WordPress Backup Migration Plugin Remote Code Execution

Unauthenticated remote code execution in WordPress Backup Migration plugin (≤1.3.7) via PHP filter chain injection through Content-Dir header manipulation. Critical web application vulnerability enabling complete server compromise.

#CVE-2023-6553#WordPress#Backup Migration+5

CVE-2019-3924 - MikroTik RouterOS Firewall and NAT Bypass

Vulnerabilities

February 21, 2019

CVE-2019-3924 - MikroTik RouterOS Firewall and NAT Bypass

Remote unauthenticated proxying of traffic through MikroTik RouterOS via agent binary probes. Demonstrates WAN-to-LAN access and firewall/NAT bypass.

#CVE-2019-3924#MikroTik#RouterOS+4

Looking for Professional Support?

Work with our expert team on Vulnerabilities. Contact us for security assessment and consulting services.

Get In Touch