#securityadvisories — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securityadvisories, aggregated by home.social.
-
The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.
Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.
All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.
🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/
#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity
-
The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.
Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.
All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.
🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/
#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity
-
The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.
Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.
All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.
🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/
#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity
-
The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.
Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.
All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.
🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/
#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity
-
The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.
Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.
All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.
🔎 You can find detailed information on the #SecurityAdvisories here: https://www.usd.de/en/security-advisories-entra-id-tenable-nessus-manager/
#SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity
-
Our pentest professionals at #usdHeroLab identified several vulnerabilities in #KofaxCommunicationServer (KCS) and in the #ArcGIS scripting language Arcade ranging from path traversal to XSS.
All #vulnerabilities were responsibly reported to the vendors.
👉 Details on our #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-kofax-communication-server-arcgis-arcade/
-
Our pentest professionals at #usdHeroLab identified several vulnerabilities in #KofaxCommunicationServer (KCS) and in the #ArcGIS scripting language Arcade ranging from path traversal to XSS.
All #vulnerabilities were responsibly reported to the vendors.
👉 Details on our #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-kofax-communication-server-arcgis-arcade/
-
Our pentest professionals at #usdHeroLab identified several vulnerabilities in #KofaxCommunicationServer (KCS) and in the #ArcGIS scripting language Arcade ranging from path traversal to XSS.
All #vulnerabilities were responsibly reported to the vendors.
👉 Details on our #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-kofax-communication-server-arcgis-arcade/
-
Our pentest professionals at #usdHeroLab identified several vulnerabilities in #KofaxCommunicationServer (KCS) and in the #ArcGIS scripting language Arcade ranging from path traversal to XSS.
All #vulnerabilities were responsibly reported to the vendors.
👉 Details on our #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-kofax-communication-server-arcgis-arcade/
-
Our pentest professionals at #usdHeroLab identified several vulnerabilities in #KofaxCommunicationServer (KCS) and in the #ArcGIS scripting language Arcade ranging from path traversal to XSS.
All #vulnerabilities were responsibly reported to the vendors.
👉 Details on our #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-kofax-communication-server-arcgis-arcade/
-
Want to know how to write and distribute #SecurityAdvisories that can be parsed and processed automatically?
Freshly announced are this years workshops for the Common Security Advisory Framework (#CSAF). They will be held in Nuremberg, Germany, November 10th to 12th.
See https://www.csaf.io/workshops/2025/
(right after this are the CSAF Community-Days). -
Unauthenticated RCE in Agorum Core Open!
During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.
They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.
📰👉 Detailed information on the published #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-on-agorum-core-open/
#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec
-
Unauthenticated RCE in Agorum Core Open!
During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.
They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.
📰👉 Detailed information on the published #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-on-agorum-core-open/
#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec
-
Unauthenticated RCE in Agorum Core Open!
During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.
They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.
📰👉 Detailed information on the published #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-on-agorum-core-open/
#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec
-
Unauthenticated RCE in Agorum Core Open!
During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.
They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.
📰👉 Detailed information on the published #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-on-agorum-core-open/
#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec
-
🔍 Our professionals at the usd HeroLab have closely examined the software #Vtiger. They discovered two vulnerabiltiies that allow low-privileged authorized users to upload files and thereby execute arbitrary code.
👉 You can find more information in the full security advisories: https://www.usd.de/en/security-advisories-vtiger/
#SecurityAdvisories #Pentest #Pentesting #moresecurity -
Here’s a collection of the #SecurityAdvisories that I’ve published over the years:
https://github.com/0xdea/advisories
If you’re interested in #VulnerabilityResearch and #ExploitDevelopment, on @github and on the @hnsec blog you can also find a trilogy of talks on these topics that I delivered between 2019 and 2021:
https://github.com/0xdea/raptor_infiltrate19
https://github.com/0xdea/raptor_infiltrate20
https://github.com/0xdea/raptor_romhack21
I hope you’ll enjoy them!
-
Does anyone know if it's possible to sign up to get CISA's Directives? I'm already signed up for the daily Advisories and weekly Bulletins, but there are lots of them, and I'd like to get a separate feed of just industry-wide critical responses.
#cisa #incidentresponse #SecurityAdvisories -
📢#CVE202237955: The #usdHeroLab analysts identified a vulnerability in Microsoft Windows Group Policy Updates that leads to Improper Link Resolution Before File Access (Privilege Escalation CWE-59)
👇💻
https://herolab.usd.de/security-advisories/usd-2022-0034/#itsecurity #cve #SecurityAdvisories #zeroday #Microsoft #cybersecurity
-
Hello Fediverse! We protect companies against Hacker and Criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can
reach its full potential with many comrades joining the mission.Follow us for exciting IT security Content.
#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity
-
Hello Fediverse! We protect companies against Hacker and Criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can
reach its full potential with many comrades joining the mission.Follow us for exciting IT security Content.
#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity
-
Hello Fediverse! We protect companies against Hacker and Criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can
reach its full potential with many comrades joining the mission.Follow us for exciting IT security Content.
#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity
-
Hello Fediverse! We protect companies against Hacker and Criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can
reach its full potential with many comrades joining the mission.Follow us for exciting IT security Content.
#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity
-
Hello Fediverse! We protect companies against Hacker and Criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can
reach its full potential with many comrades joining the mission.Follow us for exciting IT security Content.
#EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity