/r/netsec - Information Security News & Discussion

New Vulnerabilities in Foscam X5

By: ／u／SSDisclosure — May 20^th 2025 at 11:59

Multiple vulnerabilities were discovered in Foscam X5. These vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product.

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)

By: ／u／SSDisclosure — April 17^th 2025 at 07:17

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

How a critical RCE vulnerability in Calix's CWMP service allows attackers to execute system commands as root due to improper input sanitization, leading to full system compromise.

By: ／u／SSDisclosure — April 10^th 2025 at 13:39

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

Learn how an out-of-bounds write vulnerability in the Linux kernel can be exploited to achieve an LPE (CVE-2025-0927)

By: ／u／SSDisclosure — March 18^th 2025 at 12:35

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

An independent security researcher collaborating with SSD Secure Disclosure has identified a critical RCE vulnerability in Palo Alto Expedition.

By: ／u／SSDisclosure — January 15^th 2025 at 11:20

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

New Windows Privilege Escalation Vulnerability!

By: ／u／SSDisclosure — December 19^th 2024 at 16:32

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

A vulnerability in the Common Log File System (CLFS) driver allows a local user to gain elevated privileges on Windows 11

By: ／u／SSDisclosure — October 25^th 2024 at 09:23

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary commands

By: ／u／SSDisclosure — September 25^th 2024 at 12:02

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

A vulnerability in LANCOM LCOS web interface (usually listening on port 443) allows a remote attacker to trigger a heap overflow in the service listening on this port

By: ／u／SSDisclosure — September 17^th 2024 at 09:43

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

How a vulnerability in WifiKey's AC Gateway allows remote attackers to trigger a pre-auth RCE

By: ／u／SSDisclosure — January 22^nd 2024 at 16:54

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

New advisory: File History Service (fhsvc.dll) Elevation of Privilege - SSD Secure Disclosure

By: ／u／SSDisclosure — September 3^rd 2023 at 14:19

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

EdgeRouters's & AirCube's vulnerability allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code

By: ／u／SSDisclosure — July 9^th 2023 at 08:20

submitted by /u/SSDisclosure
[link] [comments]

/r/netsec - Information Security News & Discussion

A vulnerability in Roundcube’s markasjunk plugin allows attackers that send a specially crafted identity email address to cause the plugin to execute arbitrary code.

By: ／u／SSDisclosure — June 6^th 2023 at 09:07

submitted by /u/SSDisclosure
[link] [comments]